766bb938598cb3325744abbf9ced05f960a084f61dd3dffa51413533823eb572

Analysis

max time kernel
132s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 14:32

Target

6db50ccf120985e778ce0653a0c7a7d0_NeikiAnalytics.exe
Size

79KB
MD5

6db50ccf120985e778ce0653a0c7a7d0
SHA1

6f7b2f6250eec058b18d9cbc55d1c1a9b369dda3
SHA256

766bb938598cb3325744abbf9ced05f960a084f61dd3dffa51413533823eb572
SHA512

b9127169d471e260d6754b59bffe8e00d0beed72d877bd06b7368fad7c4e63473173d1528817ecdd9477d059ef00ce88fe378f437a41f583f4b9f4996c3d0353
SSDEEP

1536:zvFcEYMOt7kLciG7OQA8AkqUhMb2nuy5wgIP0CSJ+5ycBB8GMGlZ5G:zviEYFtskqGdqU7uy5w9WMycBN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1264	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 3064	4252	6db50ccf120985e778ce0653a0c7a7d0_NeikiAnalytics.exe	84
PID 4252 wrote to memory of 3064	4252	6db50ccf120985e778ce0653a0c7a7d0_NeikiAnalytics.exe	84
PID 4252 wrote to memory of 3064	4252	6db50ccf120985e778ce0653a0c7a7d0_NeikiAnalytics.exe	84
PID 3064 wrote to memory of 1264	3064	cmd.exe	85
PID 3064 wrote to memory of 1264	3064	cmd.exe	85
PID 3064 wrote to memory of 1264	3064	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\6db50ccf120985e778ce0653a0c7a7d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6db50ccf120985e778ce0653a0c7a7d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3064
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1264

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
35aef3098fb320f781f022cd9a55b09c

SHA1
f6d541eade32074fb5aecc74e02f144bc5562a6e

SHA256
c0e0aa2c7b4a2117fc6d3f7d300cc4a0fee72b43b34e1cc2ac375222c34758c3

SHA512
889ff48cd34ae0efc5a49b70a3344f70ac175d8be9057e71e26e28551878bb26333013ecf1934c2947e6d06815e950d106299da48e45d96dd6d953680f3f18e9

Download Submit
memory/1264-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4252-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download