6361ff0b87ba8006c8cc2d8f2739eb9b29d3c7b222b6c710e1c3b8c621132eac

Analysis

max time kernel
133s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 21:31

Target

03e06979e2cba19d419edf2a5fa340d0_NeikiAnalytics.exe
Size

79KB
MD5

03e06979e2cba19d419edf2a5fa340d0
SHA1

e1e6479b98963d68c3b74f7aaac730b114acf094
SHA256

6361ff0b87ba8006c8cc2d8f2739eb9b29d3c7b222b6c710e1c3b8c621132eac
SHA512

1aea0c8f5cc818a3e96f6d16b8c47e409109b65df441054e49980b5bb4add072ce6a57e2690870299714e3546aa3c6ab01dc183b9c041ac1c1856af209c7df64
SSDEEP

1536:zvdpDHWjMdEtZeZv9OQA8AkqUhMb2nuy5wgIP0CSJ+5yCB8GMGlZ5G:zvdpCIcmvkGdqU7uy5w9WMyCN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1068	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 244	1848	03e06979e2cba19d419edf2a5fa340d0_NeikiAnalytics.exe	84
PID 1848 wrote to memory of 244	1848	03e06979e2cba19d419edf2a5fa340d0_NeikiAnalytics.exe	84
PID 1848 wrote to memory of 244	1848	03e06979e2cba19d419edf2a5fa340d0_NeikiAnalytics.exe	84
PID 244 wrote to memory of 1068	244	cmd.exe	85
PID 244 wrote to memory of 1068	244	cmd.exe	85
PID 244 wrote to memory of 1068	244	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\03e06979e2cba19d419edf2a5fa340d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\03e06979e2cba19d419edf2a5fa340d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:244
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1068

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
442c3a38360c8c0cf0b995d6a2ed0447

SHA1
abfaf5c43cd2a8132a9424e595707062cd26cd57

SHA256
df230e13c1ffa64361f746a5ccce6c11aad2bec7ff089a8ab6433869945b248b

SHA512
e2d5fdc5d93345f7a275b2ee5ad1c91c43d59bd4f273c7779d9d11e0133bf65c28d637e7c1041260c758ce7bc752ed499eba82db534d9e543704c67105913e69

Download Submit
memory/1068-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1848-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download