a1b7734eadec0cf2a1225659297ab05704367e2bd52dc8587d53705d5ff8be82

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 10:35

Target

c25042b27ec7ca2571a45372fc75c690_NeikiAnalytics.exe
Size

79KB
MD5

c25042b27ec7ca2571a45372fc75c690
SHA1

fd92fdabf9705ba057a3345ef2dec3d1b7afd167
SHA256

a1b7734eadec0cf2a1225659297ab05704367e2bd52dc8587d53705d5ff8be82
SHA512

1a8756cb82ba1eff0b8fbb35a6c77139be612edb62191d66ea47fb535656c040d9d00da05a9f070cac50f30d9fe39582e5366064af7d823dcecbd231b5deebe3
SSDEEP

1536:zvlIj2RxFr51zXOQA8AkqUhMb2nuy5wgIP0CSJ+5yEB8GMGlZ5G:zvqjWFr+GdqU7uy5w9WMyEN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4684	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 3956	2700	c25042b27ec7ca2571a45372fc75c690_NeikiAnalytics.exe	84
PID 2700 wrote to memory of 3956	2700	c25042b27ec7ca2571a45372fc75c690_NeikiAnalytics.exe	84
PID 2700 wrote to memory of 3956	2700	c25042b27ec7ca2571a45372fc75c690_NeikiAnalytics.exe	84
PID 3956 wrote to memory of 4684	3956	cmd.exe	85
PID 3956 wrote to memory of 4684	3956	cmd.exe	85
PID 3956 wrote to memory of 4684	3956	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\c25042b27ec7ca2571a45372fc75c690_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c25042b27ec7ca2571a45372fc75c690_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3956
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4684

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
98e8f049f0e713ac2ce57ffc65f1c944

SHA1
dfc275d2033fc901ae5dad26d0a36db8b72844a5

SHA256
d09730af5e8ec7a93d64952cd7246d66f3a7e259397de53cc33f1a0f17049277

SHA512
ffa64d81728f5acd6ef9beae415e58617bb9d457c11e26e3a642f409dd03c81b03aa8a3c5c6700f7ed52dfb18940d22289777bbe9e3486519f9092b3c4d2853f

Download Submit
memory/2700-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4684-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download