33ecd6e06928cda223a1de384b2427769fa8cc5a8810eb79c30ba0c2b39b4ad3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 20:06

Target

dfef070a7f77f73db60d22c0d8c8e930_NeikiAnalytics.exe
Size

79KB
MD5

dfef070a7f77f73db60d22c0d8c8e930
SHA1

c63b96bf672b55ceb2bf8c155322deadc6ff7c73
SHA256

33ecd6e06928cda223a1de384b2427769fa8cc5a8810eb79c30ba0c2b39b4ad3
SHA512

1577569c31c209fcb7ecd5b1efa7428f6f0e77e0f8cc0ef75a4b638d3cea452c9093410d9ca977f08879a172726f240efde480940fc047871163782927ca1fc9
SSDEEP

1536:zvxVDuD1AYrOQA8AkqUhMb2nuy5wgIP0CSJ+5yRB8GMGlZ5G:zvPqT6GdqU7uy5w9WMyRN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4928	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 532	2888	dfef070a7f77f73db60d22c0d8c8e930_NeikiAnalytics.exe	84
PID 2888 wrote to memory of 532	2888	dfef070a7f77f73db60d22c0d8c8e930_NeikiAnalytics.exe	84
PID 2888 wrote to memory of 532	2888	dfef070a7f77f73db60d22c0d8c8e930_NeikiAnalytics.exe	84
PID 532 wrote to memory of 4928	532	cmd.exe	85
PID 532 wrote to memory of 4928	532	cmd.exe	85
PID 532 wrote to memory of 4928	532	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\dfef070a7f77f73db60d22c0d8c8e930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\dfef070a7f77f73db60d22c0d8c8e930_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:532
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4928

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
bce20d576e45063fece19aa8ff5a3bc1

SHA1
15b5517159b7f9f2a05f9e2313d04fb79d2e6a64

SHA256
27bfd5f8cc29b171f23ba0f99f44277a069f9780d14bd8958b28a17e15af997a

SHA512
08395996b9ec2fec1b90f845a3279d238633e74c213ff9a5fd596a450ef1e57b4c026f1a7d4a101b3717e5f9132a8a8ba379b43a56600c7b23b456a78f6f3999

Download Submit
memory/2888-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4928-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download