41eb1517308ce07795bfa327226a51f27ad27b89a72130e1bdbf9c9fdaae5fa8

Analysis

max time kernel
131s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 05:46

Target

751105ee78c8f333f667b970c6917150_NeikiAnalytics.exe
Size

79KB
MD5

751105ee78c8f333f667b970c6917150
SHA1

348f4cd74282aa25fec6cdf4101faefcec3be156
SHA256

41eb1517308ce07795bfa327226a51f27ad27b89a72130e1bdbf9c9fdaae5fa8
SHA512

8a08d6d8e5c3012b984787ef549e862c8230043fab139460c43a4e4da4017fc119fa3ffad83f0b7c703149d7c4786462dec9bfa668474471f1a3c1c751ff9ca1
SSDEEP

1536:zvoO0/7E2BzTQTFOQA8AkqUhMb2nuy5wgIP0CSJ+5yRB8GMGlZ5G:zvL0/Y2lTQTcGdqU7uy5w9WMyRN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2904	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 2696	4272	751105ee78c8f333f667b970c6917150_NeikiAnalytics.exe	84
PID 4272 wrote to memory of 2696	4272	751105ee78c8f333f667b970c6917150_NeikiAnalytics.exe	84
PID 4272 wrote to memory of 2696	4272	751105ee78c8f333f667b970c6917150_NeikiAnalytics.exe	84
PID 2696 wrote to memory of 2904	2696	cmd.exe	85
PID 2696 wrote to memory of 2904	2696	cmd.exe	85
PID 2696 wrote to memory of 2904	2696	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\751105ee78c8f333f667b970c6917150_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\751105ee78c8f333f667b970c6917150_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2904

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
52511ece00fba98e110361d73da4995d

SHA1
ead22ecc6141595cb5214c348bbdfccfaa575416

SHA256
e451b83b83e2ae14a8828a123ae9a2d86ac7498b9382d2dd751dd2b99269d8f0

SHA512
16537fd695b960567022ffede097118468ccd0b3f9b419d8cadd8726b2bf4adfd17979144b50f18bdb4d637ead1ee60425ed4c71f5f6df41add8b5a8f697b0aa

Download Submit
memory/2904-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4272-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download