4a57361d4ef7323768b696e5c0a0cebe142c5f3d436fd6689af17c342465fe3f

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 22:52

Target

09a6036b4c723bc1026c2de103b65200_NeikiAnalytics.exe
Size

73KB
MD5

09a6036b4c723bc1026c2de103b65200
SHA1

bac243ff611fa7c95890f2f813a126e13ff5564c
SHA256

4a57361d4ef7323768b696e5c0a0cebe142c5f3d436fd6689af17c342465fe3f
SHA512

1c69e174b98ca940bb80fed7b11ed1c29ce01af2113ce03f05b6954d4cb86ce0c755f97389f21ab465944d3bdf7157de9c3d610a9d4199cc908742397b99abdf
SSDEEP

1536:hblyhJYSwyRK5QPqfhVWbdsmA+RjPFLC+e5hT0ZGUGf2g:hKKSwGNPqfcxA+HFshTOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3944	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3676 wrote to memory of 3980	3676	09a6036b4c723bc1026c2de103b65200_NeikiAnalytics.exe	82
PID 3676 wrote to memory of 3980	3676	09a6036b4c723bc1026c2de103b65200_NeikiAnalytics.exe	82
PID 3676 wrote to memory of 3980	3676	09a6036b4c723bc1026c2de103b65200_NeikiAnalytics.exe	82
PID 3980 wrote to memory of 3944	3980	cmd.exe	83
PID 3980 wrote to memory of 3944	3980	cmd.exe	83
PID 3980 wrote to memory of 3944	3980	cmd.exe	83
PID 3944 wrote to memory of 4928	3944	[email protected]	84
PID 3944 wrote to memory of 4928	3944	[email protected]	84
PID 3944 wrote to memory of 4928	3944	[email protected]	84

C:\Users\Admin\AppData\Local\Temp\09a6036b4c723bc1026c2de103b65200_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\09a6036b4c723bc1026c2de103b65200_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3676
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3980
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3944
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:4928

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
5fdfc8dfdf1b56251a9d02436533addc

SHA1
96b087af796ff52c8e3031edbcf896dc9ccf5c6f

SHA256
3382291a83c27ea40bcb9cb2ee0baf70800969d9eba8d7f2ba6aa86c448a6de4

SHA512
46b5e24718eeb7f0f10c65179e90e0213a4b9e9b5f3a59a0aebab880262612736c1c0f0557ac7ef241bd25f04b7febe45ca370715e6f762a005fa8061d81c585

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/3676-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3944-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download