4df90c2da26bbfb923989b314a9ee5e745beffd41ca226447d774be5229082cf

Analysis

max time kernel
132s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 19:11

Target

f454bdd920fa301f922ee87f0ac2f3b0_NeikiAnalytics.exe
Size

79KB
MD5

f454bdd920fa301f922ee87f0ac2f3b0
SHA1

f5c910f9a1f78cd42fc01b029054546b17b53c9b
SHA256

4df90c2da26bbfb923989b314a9ee5e745beffd41ca226447d774be5229082cf
SHA512

51a324d0f03913aee9aa68b45bc31cb775ae940fcfc5ecd0dad6000010757aa25d409e43a84c1725dd2889607bdf11c83c933db165745c165d61bb7d05283363
SSDEEP

1536:zvE5G5t11t9aOQA8AkqUhMb2nuy5wgIP0CSJ+5yyB8GMGlZ5G:zvH5VtBGdqU7uy5w9WMyyN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
512	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 2600	220	f454bdd920fa301f922ee87f0ac2f3b0_NeikiAnalytics.exe	84
PID 220 wrote to memory of 2600	220	f454bdd920fa301f922ee87f0ac2f3b0_NeikiAnalytics.exe	84
PID 220 wrote to memory of 2600	220	f454bdd920fa301f922ee87f0ac2f3b0_NeikiAnalytics.exe	84
PID 2600 wrote to memory of 512	2600	cmd.exe	85
PID 2600 wrote to memory of 512	2600	cmd.exe	85
PID 2600 wrote to memory of 512	2600	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\f454bdd920fa301f922ee87f0ac2f3b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\f454bdd920fa301f922ee87f0ac2f3b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:220
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:512

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4c6bc48183eb01bdca39c49b2087aa8e

SHA1
2fb39174d5af27f2a4174672378556bcee46e6b9

SHA256
42334138b36f086fcd1a6fe3251a9686a17d4cacd91db0557fdabe1d33dfcf04

SHA512
f2b7e1f89527d581defeb1f997f12db42354dd3a8e4cdf6feeb60d9e2c56178b22b037ba43e473e7174fa42b7fe9e9c79f98478d4d6626af21b968e61f419f84

Download Submit
memory/220-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/512-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download