9becae9f534f63ec9bdeb33a81f33fa484a008bc62145a1f4b51c210257f816d

Analysis

max time kernel
149s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 16:10

Target

11d27ca055eece72f4c961c0fdcd2310_NeikiAnalytics.exe
Size

79KB
MD5

11d27ca055eece72f4c961c0fdcd2310
SHA1

adf86dd5cdbce5eb948bd41754361fb7ebc18229
SHA256

9becae9f534f63ec9bdeb33a81f33fa484a008bc62145a1f4b51c210257f816d
SHA512

465e9c7f43e49b55fcfc941f9df8e8c7d4b49f34b6ed55148be33d909b8c7fecaccdd604781a062d85805c1a33140943dcfb1836547f2135f89a8f5ee08dd465
SSDEEP

1536:zvSKKHfuaJOwqOQA8AkqUhMb2nuy5wgIP0CSJ+5ylB8GMGlZ5G:zviHfuXwfGdqU7uy5w9WMylN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2180	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 4640	3516	11d27ca055eece72f4c961c0fdcd2310_NeikiAnalytics.exe	83
PID 3516 wrote to memory of 4640	3516	11d27ca055eece72f4c961c0fdcd2310_NeikiAnalytics.exe	83
PID 3516 wrote to memory of 4640	3516	11d27ca055eece72f4c961c0fdcd2310_NeikiAnalytics.exe	83
PID 4640 wrote to memory of 2180	4640	cmd.exe	84
PID 4640 wrote to memory of 2180	4640	cmd.exe	84
PID 4640 wrote to memory of 2180	4640	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\11d27ca055eece72f4c961c0fdcd2310_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\11d27ca055eece72f4c961c0fdcd2310_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4640
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2180

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7e6f868096197a58db38470e1c68a76b

SHA1
db8c072ea5c445b16732d4d3ca5bf5154256be7e

SHA256
cf073820e193f1ae84975454fee02a9db3382c3129f45a3b826ef26852e2b0d1

SHA512
8179d822955685f0b3a834b4902ecde81d81e6bb1d9af12ae6e550ba89784109ceeb9be3e4880adc44316af498f071c0308d70b6d6f11cf2c3d2d27b3387d028

Download Submit
memory/2180-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3516-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download