10bd944a6317886a8739baebfce9b43c7f4003a122d50d7bb7f0bc3fb7d8c4d4

Analysis

max time kernel
93s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 17:07

Target

16b8384bef6d2f643582d2fbf7a5fa20_NeikiAnalytics.exe
Size

79KB
MD5

16b8384bef6d2f643582d2fbf7a5fa20
SHA1

093eb8f430e9149438df3d61993e7b379d73edf9
SHA256

10bd944a6317886a8739baebfce9b43c7f4003a122d50d7bb7f0bc3fb7d8c4d4
SHA512

73cc78dc007aa5b1df1ecfdd41ba3f5ab078879b8bf7ead005720916e53377e0897f2fdbf7e1e36d397b7452bb2001ae2b9283332a73315351e7b98be42dd48c
SSDEEP

1536:zvI+hUIvhCXa+buOQA8AkqUhMb2nuy5wgIP0CSJ+5yUB8GMGlZ5G:zvIMUV77GdqU7uy5w9WMyUN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2292	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 3488	2696	16b8384bef6d2f643582d2fbf7a5fa20_NeikiAnalytics.exe	85
PID 2696 wrote to memory of 3488	2696	16b8384bef6d2f643582d2fbf7a5fa20_NeikiAnalytics.exe	85
PID 2696 wrote to memory of 3488	2696	16b8384bef6d2f643582d2fbf7a5fa20_NeikiAnalytics.exe	85
PID 3488 wrote to memory of 2292	3488	cmd.exe	86
PID 3488 wrote to memory of 2292	3488	cmd.exe	86
PID 3488 wrote to memory of 2292	3488	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\16b8384bef6d2f643582d2fbf7a5fa20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\16b8384bef6d2f643582d2fbf7a5fa20_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3488
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2292

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5cc6082d8a9f351cae3e0364ae67850f

SHA1
6f105b437ec0bf4a662df867fe5960f837037d01

SHA256
cdfa9f80ac18e86f5c35089d0fe2e34e15b4e3d96316e71cd31d7dc4a0f0cba9

SHA512
2156fe6369fa2c741b811c3eefa7c1acee8eb81f0dce359e1bd60dd63279c0620caf243cb15a454330a8342d9ac28c83079734f8e684dff99d345b9d135d4b46

Download Submit
memory/2292-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2696-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download