3218487b0b4cb62d19c9f491d96d9f45362af2abc2bbc8b6d4867d8dc6f2ecd7

Analysis

max time kernel
134s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 05:05

Target

6cb381ed464bdf24e98e60492b78b830_NeikiAnalytics.exe
Size

79KB
MD5

6cb381ed464bdf24e98e60492b78b830
SHA1

f6db1465ad6603f1dd55a5521e2801cfae417774
SHA256

3218487b0b4cb62d19c9f491d96d9f45362af2abc2bbc8b6d4867d8dc6f2ecd7
SHA512

c476127fa7cae340112f09ff90af6a9d8d327a3282b41042aa255bd3c42ee88edc79b228bdfc1c5aed9e04f614f51bed432f9b9318f48973ba4f95443a835bde
SSDEEP

1536:zvI/UIvqd/7oYvzsYaKOQA8AkqUhMb2nuy5wgIP0CSJ+5ysKCB8GMGlZ5G:zvIZqdDNsYa/GdqU7uy5w9WMysKCN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4544	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 1056	1160	6cb381ed464bdf24e98e60492b78b830_NeikiAnalytics.exe	83
PID 1160 wrote to memory of 1056	1160	6cb381ed464bdf24e98e60492b78b830_NeikiAnalytics.exe	83
PID 1160 wrote to memory of 1056	1160	6cb381ed464bdf24e98e60492b78b830_NeikiAnalytics.exe	83
PID 1056 wrote to memory of 4544	1056	cmd.exe	84
PID 1056 wrote to memory of 4544	1056	cmd.exe	84
PID 1056 wrote to memory of 4544	1056	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\6cb381ed464bdf24e98e60492b78b830_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6cb381ed464bdf24e98e60492b78b830_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4544

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7670a127553f9c7f4593a5d9c8a8e7c8

SHA1
0dd1729bae2da2389f68b725585f453b0727a131

SHA256
395e047a20607cbd276b41efa1834977a4683e05c45dc8d341a18cc3c62de1d8

SHA512
bed09cf733d89cbec451b3e2a40788f68fbd5f55576084c8b231ac214f6061f21cf5611b184776cf0e6e15b77229dd3c40c0840db942b268c584cac200927947

Download Submit
memory/1160-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4544-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download