fe91056f335e3b573e8080f6ac2321e9b9ca6652c979e33e57524fa438ae9932

Analysis

max time kernel
133s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 05:12

Target

6e51e55af9ef0a2bd1b558d4ec1dd1f0_NeikiAnalytics.exe
Size

79KB
MD5

6e51e55af9ef0a2bd1b558d4ec1dd1f0
SHA1

0ee4f82ac21c722e9f7d37a5b7d792ef1605da7a
SHA256

fe91056f335e3b573e8080f6ac2321e9b9ca6652c979e33e57524fa438ae9932
SHA512

3da4ed62f50a977bbd6ff89cc67298bbd8d453fd5de77ea316b02ac5f4aebd6afbb3dc1c7472ca694952cb18b7909389d526ef7d25d46ead2da418987b40256c
SSDEEP

1536:zvOjaGdq/bOXbIv3YOQA8AkqUhMb2nuy5wgIP0CSJ+5yyB8GMGlZ5G:zvOjapaYGdqU7uy5w9WMyyN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1184	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 752	748	6e51e55af9ef0a2bd1b558d4ec1dd1f0_NeikiAnalytics.exe	84
PID 748 wrote to memory of 752	748	6e51e55af9ef0a2bd1b558d4ec1dd1f0_NeikiAnalytics.exe	84
PID 748 wrote to memory of 752	748	6e51e55af9ef0a2bd1b558d4ec1dd1f0_NeikiAnalytics.exe	84
PID 752 wrote to memory of 1184	752	cmd.exe	85
PID 752 wrote to memory of 1184	752	cmd.exe	85
PID 752 wrote to memory of 1184	752	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\6e51e55af9ef0a2bd1b558d4ec1dd1f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6e51e55af9ef0a2bd1b558d4ec1dd1f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:748
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:752
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1184

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
b36dd000dc02c9f8dd80173890628246

SHA1
c12511f0532b498cbdd7a0f93014bd533d8c1526

SHA256
25888d5f0f14870418999fba248dacaf447ac3522c16f12e04dab4d531427ddd

SHA512
fd5062d1180dd3fc3fde613723c01ea30949519941d6733bc27dc2a1c4a9c4d01aea010d32764020f0e6215d8fe0338701af5db5c2d1679f80bf57b0b05f9431

Download Submit
memory/748-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1184-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download