6b3fed647d5e7171a084dca46129e7f5c0c1c4eea8c9785f5d3341e5e689b7e6

Analysis

max time kernel
132s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 02:21

Target

51a093b25560824cbe299fa550033b10_NeikiAnalytics.exe
Size

73KB
MD5

51a093b25560824cbe299fa550033b10
SHA1

8783e81c1d2e70431f6dc6492a110000a9e68417
SHA256

6b3fed647d5e7171a084dca46129e7f5c0c1c4eea8c9785f5d3341e5e689b7e6
SHA512

ce8ab85cdaef4408efb812c81ac5b55a4c2d3386571880c5823efe4873783a118e49167df4935313f927d1c4ca42939f1d966753b3ed54dc2fe382b558bb8a80
SSDEEP

1536:hb6CZbDT3dl2ZrcnK5QPqfhVWbdsmA+RjPFLC+e5hv0ZGUGf2g:h3T3dl2BoNPqfcxA+HFshvOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4420	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 4884	1728	51a093b25560824cbe299fa550033b10_NeikiAnalytics.exe	84
PID 1728 wrote to memory of 4884	1728	51a093b25560824cbe299fa550033b10_NeikiAnalytics.exe	84
PID 1728 wrote to memory of 4884	1728	51a093b25560824cbe299fa550033b10_NeikiAnalytics.exe	84
PID 4884 wrote to memory of 4420	4884	cmd.exe	85
PID 4884 wrote to memory of 4420	4884	cmd.exe	85
PID 4884 wrote to memory of 4420	4884	cmd.exe	85
PID 4420 wrote to memory of 4044	4420	[email protected]	86
PID 4420 wrote to memory of 4044	4420	[email protected]	86
PID 4420 wrote to memory of 4044	4420	[email protected]	86

C:\Users\Admin\AppData\Local\Temp\51a093b25560824cbe299fa550033b10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\51a093b25560824cbe299fa550033b10_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4884
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4420
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:4044

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
059e31a691ae7233e4691098b09981fc

SHA1
ce3dc977f07f507f4b97b78e1d5936f334fb0223

SHA256
c8bf8b00700059e29d0914fe8038880cb356b80473feb0ba2473f2aac1ee48c2

SHA512
a718ddade6f898b0525d41b3f368dbd9f4d48f9733e5bbb96a9682ee9b1d4648f441a90a5f57dbfb33ebdda574350f1a6fe6e79f5a212f3a66bc2e4c19b6f660

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/1728-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4420-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download