a20c6eb6239191aa4dc5afe56ed0c9cae45d5da5cb610b97bf9870577d53584f

Analysis

max time kernel
133s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 05:51

Target

75eb09d7aeeac5e637d661cfabbb3980_NeikiAnalytics.exe
Size

79KB
MD5

75eb09d7aeeac5e637d661cfabbb3980
SHA1

e35c5f73808b274739c161573125b52c0163c489
SHA256

a20c6eb6239191aa4dc5afe56ed0c9cae45d5da5cb610b97bf9870577d53584f
SHA512

5f8d76b9a3084fe4677a031dd587330a92c1dbd39ddbb0956812d5a330fc00f3b87f094a1c7ebc6038c0bff07cb0ec5f3395878eff28f778bcc7bda2025900b2
SSDEEP

1536:zvTHcsSgtOb+hUeTcWfjvZ7OQA8AkqUhMb2nuy5wgIP0CSJ+5yZB8GMGlZ5G:zvTTPUtgvoGdqU7uy5w9WMyZN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4132	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 4756	1324	75eb09d7aeeac5e637d661cfabbb3980_NeikiAnalytics.exe	84
PID 1324 wrote to memory of 4756	1324	75eb09d7aeeac5e637d661cfabbb3980_NeikiAnalytics.exe	84
PID 1324 wrote to memory of 4756	1324	75eb09d7aeeac5e637d661cfabbb3980_NeikiAnalytics.exe	84
PID 4756 wrote to memory of 4132	4756	cmd.exe	85
PID 4756 wrote to memory of 4132	4756	cmd.exe	85
PID 4756 wrote to memory of 4132	4756	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\75eb09d7aeeac5e637d661cfabbb3980_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\75eb09d7aeeac5e637d661cfabbb3980_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4756
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4132

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
0b8cd75c302c583652c0878de1b08e3c

SHA1
a3beee2755cd9fbb3abb647709bb16d3ab28beae

SHA256
582a22c53c57ad5f5ebfbb727f4bba7c2e720ad4f5d829d178fc761f4e928abc

SHA512
ee3a263734eb744ea2ae10b4a66e0cb035d3690327256a3ebd94df5106876bbafa3357d775219c83ecd96990ef2cb1867f384010904bf853fdc5ad789c943eaf

Download Submit
memory/1324-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4132-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download