2a8d273a1a20f1ae40823a8a7304accd189ae648ada2500121acca3f18035700

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 16:24

Target

1325dbe1c3767432caec068bb48696b0_NeikiAnalytics.exe
Size

79KB
MD5

1325dbe1c3767432caec068bb48696b0
SHA1

b869933ada1545e6929b9865f7084aed9fcbe868
SHA256

2a8d273a1a20f1ae40823a8a7304accd189ae648ada2500121acca3f18035700
SHA512

636971873b925aac64353ffad2cd439d35c6ff82e0475a7e196032d2f09c841cec347441f0349d94cd4a431e55f3083c1ff01a4ee7439acd86a98723f4cabc0e
SSDEEP

1536:zvqdANke+cTyY27OQA8AkqUhMb2nuy5wgIP0CSJ+5ytB8GMGlZ5G:zvqSye+ElGdqU7uy5w9WMytN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4348	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 2776	4188	1325dbe1c3767432caec068bb48696b0_NeikiAnalytics.exe	86
PID 4188 wrote to memory of 2776	4188	1325dbe1c3767432caec068bb48696b0_NeikiAnalytics.exe	86
PID 4188 wrote to memory of 2776	4188	1325dbe1c3767432caec068bb48696b0_NeikiAnalytics.exe	86
PID 2776 wrote to memory of 4348	2776	cmd.exe	87
PID 2776 wrote to memory of 4348	2776	cmd.exe	87
PID 2776 wrote to memory of 4348	2776	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\1325dbe1c3767432caec068bb48696b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1325dbe1c3767432caec068bb48696b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4348

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5fc7806bd67dea3e5eb5ccc0a4f5e342

SHA1
a327df37961979ca5488c100d54960fc1cdc4546

SHA256
2af071ef9975cd65cb5e5605ac7f6ebc3a12c9be43719e0d190016ba4a898bf1

SHA512
4abc3731e371999c1111ba2075c044e24729b7627a0f4a7bed04e406587bd9dcc6a1682b6eca143de4414e14afb3a72a33546cbe27d160c1da420e7fd53a4329

Download Submit
memory/4188-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4348-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download