e2f76d9eb34cd890c07d107a9b2274488af68fa1eb9cc27186e190e02da591f9

Analysis

max time kernel
93s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 06:31

Target

7d31226800d31f5859497e98e8383b00_NeikiAnalytics.exe
Size

79KB
MD5

7d31226800d31f5859497e98e8383b00
SHA1

7535fa04a9b253350aa6ad52ecd826b74e2b0f9f
SHA256

e2f76d9eb34cd890c07d107a9b2274488af68fa1eb9cc27186e190e02da591f9
SHA512

56e1edb80ca669266e033b32557e62e6b5b4c36cf1abd395bfad82136a9b379a8be10b2d82be7a5bb758d31cbd7c723eb5d49e3ae7fdc4b0c4d2b14eed7aaa77
SSDEEP

1536:zvvSjrPgawlHWzMLP0OOQA8AkqUhMb2nuy5wgIP0CSJ+5ypB8GMGlZ5G:zvvSj8aKHWgLP0bGdqU7uy5w9WMypN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
220	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 752	2284	7d31226800d31f5859497e98e8383b00_NeikiAnalytics.exe	85
PID 2284 wrote to memory of 752	2284	7d31226800d31f5859497e98e8383b00_NeikiAnalytics.exe	85
PID 2284 wrote to memory of 752	2284	7d31226800d31f5859497e98e8383b00_NeikiAnalytics.exe	85
PID 752 wrote to memory of 220	752	cmd.exe	86
PID 752 wrote to memory of 220	752	cmd.exe	86
PID 752 wrote to memory of 220	752	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\7d31226800d31f5859497e98e8383b00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7d31226800d31f5859497e98e8383b00_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:752
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:220

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2cf51f309ffed47034de7e5d5cc01bbf

SHA1
fafcc5976fea6ae43ab17b83892ce52b2612c9e9

SHA256
87849b8382ce3d508d08fd7a564eaa301937ccd008249d4233e4baf9b57ec709

SHA512
5d10e9295379bcd1c51cca862e00b1e39b4aad8a7ca6513f5d5fffbdee30421922eac848567866a3d5525712270eda193c3d510888d2123fbad79bc35fa933e4

Download Submit
memory/220-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2284-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download