de77a9b7eb4b30c9a5e6f2e562382b873bf1269afa31f1c8c0c394f1718e0b01

Analysis

max time kernel
135s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 06:28

Target

7c8f1442744d9a050ad07e4dbff3c160_NeikiAnalytics.exe
Size

79KB
MD5

7c8f1442744d9a050ad07e4dbff3c160
SHA1

4e069a1c19081c35e6a02a2a2e43997f2be6cdb5
SHA256

de77a9b7eb4b30c9a5e6f2e562382b873bf1269afa31f1c8c0c394f1718e0b01
SHA512

73c62fc4de78533012f413fd3a99afa014e1077f84242ff67ed6c6d37a7a6b5773735bf572c6d41b9d72c8df02cc7812e91cd7f18c502a0da3d18ecf34e18cb1
SSDEEP

1536:zvAGxcVqjZf0T78OQA8AkqUhMb2nuy5wgIP0CSJ+5yeB8GMGlZ5G:zvAGGIfO9GdqU7uy5w9WMyeN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4004	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 1056	2288	7c8f1442744d9a050ad07e4dbff3c160_NeikiAnalytics.exe	83
PID 2288 wrote to memory of 1056	2288	7c8f1442744d9a050ad07e4dbff3c160_NeikiAnalytics.exe	83
PID 2288 wrote to memory of 1056	2288	7c8f1442744d9a050ad07e4dbff3c160_NeikiAnalytics.exe	83
PID 1056 wrote to memory of 4004	1056	cmd.exe	84
PID 1056 wrote to memory of 4004	1056	cmd.exe	84
PID 1056 wrote to memory of 4004	1056	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\7c8f1442744d9a050ad07e4dbff3c160_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7c8f1442744d9a050ad07e4dbff3c160_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4004

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e3fcff822b634ea91e6e9cd8afb575dc

SHA1
3f89cab668c71492dd3ae5136940d4f62403614e

SHA256
9cdc6339c31af612825738f4756f2d8d9740fe72bed1257651a49692908c89db

SHA512
16ff3885df82cd7b4c2b64bf2d35511fc51910351cf753c0c8f5451fed58392c4a3344259cd1b2cb02ddecbd24e665343ed46de36121412333f1f9b253afcb59

Download Submit
memory/2288-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4004-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download