f7ae1596791de574ce13a3e123662d3347cf40eae5599ad0a9055e699ef3b3a0

Analysis

max time kernel
132s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 23:55

Target

0e0a881c5f888ab135c3c6ff1b53f3b0_NeikiAnalytics.exe
Size

79KB
MD5

0e0a881c5f888ab135c3c6ff1b53f3b0
SHA1

4bb9cb99f717f36f880a6d42ead187499a8ea4ae
SHA256

f7ae1596791de574ce13a3e123662d3347cf40eae5599ad0a9055e699ef3b3a0
SHA512

77a2f616166f85f2560662b0c917fb1b30f3f2068c162c3a6e0763561667ca2f1fe63ef71b341dc77bf69a379c199e08402127b9c09c2930d5a5059efbb81da9
SSDEEP

1536:zvlhoiHiPFWDJOQA8AkqUhMb2nuy5wgIP0CSJ+5ymB8GMGlZ5G:zvVCd/GdqU7uy5w9WMymN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1156	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 3788	220	0e0a881c5f888ab135c3c6ff1b53f3b0_NeikiAnalytics.exe	84
PID 220 wrote to memory of 3788	220	0e0a881c5f888ab135c3c6ff1b53f3b0_NeikiAnalytics.exe	84
PID 220 wrote to memory of 3788	220	0e0a881c5f888ab135c3c6ff1b53f3b0_NeikiAnalytics.exe	84
PID 3788 wrote to memory of 1156	3788	cmd.exe	85
PID 3788 wrote to memory of 1156	3788	cmd.exe	85
PID 3788 wrote to memory of 1156	3788	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\0e0a881c5f888ab135c3c6ff1b53f3b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0e0a881c5f888ab135c3c6ff1b53f3b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:220
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3788
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1156

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c784d98b310fe3ce49a277ca5d4a87a7

SHA1
c84648412ef8bf5c8d9a9f8131c2e7b0c52db49f

SHA256
e4f6397aa71b114c71939a0f11bfb1435c1a4ffeb5ba860223f220cfa2cdab83

SHA512
bdb63d988d9f04c6073a55c0657f46fc98d3e23f209ad47a8e89aeb53a2b03f225763a7e695c60b7a940e908420eec62d7f8722fd3b4115b5b77ec30f400a735

Download Submit
memory/220-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1156-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download