ff973cd5af32f73406ff2f088b06dd93811bf8149b75c913b781a95e63ee02dd

Analysis

max time kernel
134s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 17:47

Target

002616b91bf558c4a7a4655068c2c780_NeikiAnalytics.exe
Size

79KB
MD5

002616b91bf558c4a7a4655068c2c780
SHA1

d0a9998936521c7eb648a80e738563738d22dc34
SHA256

ff973cd5af32f73406ff2f088b06dd93811bf8149b75c913b781a95e63ee02dd
SHA512

c705884ccc37e1adb812b52ad090be9d82ff8804177df870f717893565d89dc4f76502bf63d6ba7cb532dcefed5ebcff13abd7f2ea84cf5b159bb01f4ae7521f
SSDEEP

1536:zvNY1FBub1Ht0OQA8AkqUhMb2nuy5wgIP0CSJ+5yZB8GMGlZ5G:zvNQFexGdqU7uy5w9WMyZN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1380	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 1592	3252	002616b91bf558c4a7a4655068c2c780_NeikiAnalytics.exe	83
PID 3252 wrote to memory of 1592	3252	002616b91bf558c4a7a4655068c2c780_NeikiAnalytics.exe	83
PID 3252 wrote to memory of 1592	3252	002616b91bf558c4a7a4655068c2c780_NeikiAnalytics.exe	83
PID 1592 wrote to memory of 1380	1592	cmd.exe	84
PID 1592 wrote to memory of 1380	1592	cmd.exe	84
PID 1592 wrote to memory of 1380	1592	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\002616b91bf558c4a7a4655068c2c780_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\002616b91bf558c4a7a4655068c2c780_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1592
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1380

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5b6486c4a95870a4f93e872d381d7120

SHA1
ee680cb8fe936eb239c89f378f07bf7148293d16

SHA256
38a7c7702ad735721222f8e6c88472badc4a945287cf9305c0fb9dc5afa4ada8

SHA512
fcad44b7933c9fbbf89980b94fa5c72361f720d573188e2edb274d2f33a90e2579bccaadbeac0aaa08a02264a8f00852a7e35e664d8a8609794449c216146e32

Download Submit
memory/1380-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3252-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download