46c840933f67b603d84b1682d0fdabd315ab18bf933f0f7471ab9efd70885df4

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 01:14

Target

46929b38630978dbfb4cba90908abfc0_NeikiAnalytics.exe
Size

79KB
MD5

46929b38630978dbfb4cba90908abfc0
SHA1

69f43c1f8d5ae6f38c19c9f302ce3d4bf98b9e17
SHA256

46c840933f67b603d84b1682d0fdabd315ab18bf933f0f7471ab9efd70885df4
SHA512

d2a90e5f387638e599e252a5142f3efebce968a7940d043e74299fda01d2254c6cf5967dffbe2bade196f74426c3834486a32f825feeda80631de472d078c5d8
SSDEEP

1536:zvjIGSEX0E9jPOQA8AkqUhMb2nuy5wgIP0CSJ+5y/B8GMGlZ5G:zvjSFsmGdqU7uy5w9WMy/N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4848	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3632 wrote to memory of 1868	3632	46929b38630978dbfb4cba90908abfc0_NeikiAnalytics.exe	83
PID 3632 wrote to memory of 1868	3632	46929b38630978dbfb4cba90908abfc0_NeikiAnalytics.exe	83
PID 3632 wrote to memory of 1868	3632	46929b38630978dbfb4cba90908abfc0_NeikiAnalytics.exe	83
PID 1868 wrote to memory of 4848	1868	cmd.exe	84
PID 1868 wrote to memory of 4848	1868	cmd.exe	84
PID 1868 wrote to memory of 4848	1868	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\46929b38630978dbfb4cba90908abfc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\46929b38630978dbfb4cba90908abfc0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3632
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1868
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4848

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a78750f81a30d1da16ac90088b691443

SHA1
5e6c6fc526de373c9fc497642328314718897028

SHA256
88b8b5b79cc4637351586c8970ea4b1da5c2024ce8106928ab3726115f8fc177

SHA512
57b79428e2cd400d225c3bfa756b14453890ec5b45467bc6d7e741a8ac3af3a838c9c5dc3b6a7f4cf9618b431e3b6a8172a0f31daa023118cd5eb19a982cdab8

Download Submit
memory/3632-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4848-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download