7444e9d1cf3a7feb2340f6740656e9e1f67c8fef2214836ec8e1d9848ef4720f

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 22:52

Target

23e45f53bac5201ea1662fb66ca2bbb0_NeikiAnalytics.exe
Size

79KB
MD5

23e45f53bac5201ea1662fb66ca2bbb0
SHA1

9742579d5dae82e497b00b50bd54810e3733e3ba
SHA256

7444e9d1cf3a7feb2340f6740656e9e1f67c8fef2214836ec8e1d9848ef4720f
SHA512

8932d0b826bcc5378b9d19e1b75a3fe7b530cd50b48e2a674c9192ac74ac87d5469966bcc79a3e69b616054e6030b43a3b8b9bc28cc2ad8a81076ce463e3e78d
SSDEEP

1536:zvHgmPJc1bOQA8AkqUhMb2nuy5wgIP0CSJ+5y7B8GMGlZ5G:zvHgmRc1KGdqU7uy5w9WMy7N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1548	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2628	2664	23e45f53bac5201ea1662fb66ca2bbb0_NeikiAnalytics.exe	84
PID 2664 wrote to memory of 2628	2664	23e45f53bac5201ea1662fb66ca2bbb0_NeikiAnalytics.exe	84
PID 2664 wrote to memory of 2628	2664	23e45f53bac5201ea1662fb66ca2bbb0_NeikiAnalytics.exe	84
PID 2628 wrote to memory of 1548	2628	cmd.exe	85
PID 2628 wrote to memory of 1548	2628	cmd.exe	85
PID 2628 wrote to memory of 1548	2628	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\23e45f53bac5201ea1662fb66ca2bbb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\23e45f53bac5201ea1662fb66ca2bbb0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1548

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
cf94cf4392b79e79868d4b47c2f92045

SHA1
4498d1123ddbecfb3c33f97db1825b19089a51da

SHA256
67ef35eba5e62e5fb9f0e3d53d6157ea751783f99cedc5268dc33af05953f4aa

SHA512
ffc4b8288965ea71fc1d2b3d1b63f00a1f49ee7a5b236f59012a6f087cc25dd9b0a45e1ce11c7abf3136c75fed2e183d4a6dfa33147b0949fff6beeddab89bd7

Download Submit
memory/1548-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2664-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download