2350b32998b49b5a28c44a2e62576bf19602c88767d49893512d199698e252a2

Analysis

max time kernel
129s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 00:09

Target

3c236f77574249cfc5252631ae28b5e0_NeikiAnalytics.exe
Size

79KB
MD5

3c236f77574249cfc5252631ae28b5e0
SHA1

c2cf9440abd707c1e1d08f03b9c103435940675f
SHA256

2350b32998b49b5a28c44a2e62576bf19602c88767d49893512d199698e252a2
SHA512

ba021231179ef2e88ad9dda889d9bb9c476f97ed097ea2e1c8ce96024abbb97ee217fe3e5d6829910234265a738f0da3ff90ad9f7e08087364b2202d0ac67a37
SSDEEP

1536:zvlIj2RxFr51zXOQA8AkqUhMb2nuy5wgIP0CSJ+5yRB8GMGlZ5G:zvqjWFr+GdqU7uy5w9WMyRN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
5920	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 3612	4896	3c236f77574249cfc5252631ae28b5e0_NeikiAnalytics.exe	84
PID 4896 wrote to memory of 3612	4896	3c236f77574249cfc5252631ae28b5e0_NeikiAnalytics.exe	84
PID 4896 wrote to memory of 3612	4896	3c236f77574249cfc5252631ae28b5e0_NeikiAnalytics.exe	84
PID 3612 wrote to memory of 5920	3612	cmd.exe	85
PID 3612 wrote to memory of 5920	3612	cmd.exe	85
PID 3612 wrote to memory of 5920	3612	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\3c236f77574249cfc5252631ae28b5e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c236f77574249cfc5252631ae28b5e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3612
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:5920

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c239ea02a0b9243b4a0ee6fbad878ee5

SHA1
0b6db96de2b2bf71d6705f5c92595948b83bdbf4

SHA256
8c61cc99cde2b08dfa6c22ba690abf9ec9a6684a2d5279ef99beb3ca2b5b34c2

SHA512
1420f0a5f67e620b5a2e7b4e4bee9f9955a61e4477c6f9db61814cbeab99e3defaea85479ebbbefc389fc828ca0355b8bf8b8d77b882b63bfae290e47a4508e7

Download Submit
memory/4896-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5920-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download