2837fa42a956417cbbf67c3a6f8656f79fcdca19e245548658b4b7d759a9692f

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 23:32

Target

0c6f81b13ee2e0aa2bf26b17ffc17a20_NeikiAnalytics.exe
Size

73KB
MD5

0c6f81b13ee2e0aa2bf26b17ffc17a20
SHA1

06d2c11bbbc563c5101040f806ddff79f8816140
SHA256

2837fa42a956417cbbf67c3a6f8656f79fcdca19e245548658b4b7d759a9692f
SHA512

a1a2817dece3989e46723843fab969318a5a3526bdd8cc1f64f57ee324f1f599cc348871c1b5c2d1e06a3a701cc95d139937eeea1322ca1e77f699b2701680a0
SSDEEP

1536:hbqD0X1jYK5QPqfhVWbdsmA+RjPFLC+e5ht0ZGUGf2g:h+2eNPqfcxA+HFshtOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2868	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 212	8	0c6f81b13ee2e0aa2bf26b17ffc17a20_NeikiAnalytics.exe	84
PID 8 wrote to memory of 212	8	0c6f81b13ee2e0aa2bf26b17ffc17a20_NeikiAnalytics.exe	84
PID 8 wrote to memory of 212	8	0c6f81b13ee2e0aa2bf26b17ffc17a20_NeikiAnalytics.exe	84
PID 212 wrote to memory of 2868	212	cmd.exe	85
PID 212 wrote to memory of 2868	212	cmd.exe	85
PID 212 wrote to memory of 2868	212	cmd.exe	85
PID 2868 wrote to memory of 4168	2868	[email protected]	86
PID 2868 wrote to memory of 4168	2868	[email protected]	86
PID 2868 wrote to memory of 4168	2868	[email protected]	86

C:\Users\Admin\AppData\Local\Temp\0c6f81b13ee2e0aa2bf26b17ffc17a20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0c6f81b13ee2e0aa2bf26b17ffc17a20_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:8
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:212
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2868
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:4168

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
9a6bd10cd1e6dc913136c3ef344850a9

SHA1
578b77c9c4bb6437c2c2c05262e0408c4127295c

SHA256
699dd94b8c827fe343631be96c468d233c38cfb04e1d3f3553baa2d22b7ccd6c

SHA512
964503ea4b524f1540a08e9dd4bc6292d7866cab6412c0254980eec19e651434c4cf05da5299cc4fff9aad9cb2b061f4bf6c5eb2528eadc8a043f0be0926bb3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/8-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2868-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download