297467963fb79f407afe4861fa8ad2c69b2684041fd99beb5b24519b4313e78a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 00:51

Target

12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe
Size

79KB
MD5

12100df35869f6dd51d0a164a556df00
SHA1

6a58d6562a129d6dc14b5ea70a581fffeabdc07a
SHA256

297467963fb79f407afe4861fa8ad2c69b2684041fd99beb5b24519b4313e78a
SHA512

82583fd870cc22e2aced7ce7bfa8d67b8509d2e8e12ae6d72e66830732711a0d1cda346fe0c3c67f3cb188916329cf63ccd29885b379df56196b5849f46312de
SSDEEP

1536:zv3JmHlv340W6OQA8AkqUhMb2nuy5wgIP0CSJ+5ykB8GMGlZ5G:zvZmHlvfWPGdqU7uy5w9WMykN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4600	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 1268	4880	12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe	84
PID 4880 wrote to memory of 1268	4880	12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe	84
PID 4880 wrote to memory of 1268	4880	12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe	84
PID 1268 wrote to memory of 4600	1268	cmd.exe	85
PID 1268 wrote to memory of 4600	1268	cmd.exe	85
PID 1268 wrote to memory of 4600	1268	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1268
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4600

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7b36d370766b88fac679230be2558a32

SHA1
8c14799f173c4fa2359ed138b03ef6cb911077e5

SHA256
69920a82806a226a62d617088de27ccbadec383ce36adc7364867fbbdc7f60f7

SHA512
050792dd2760eedc3d83422ed0339866a76c78742996432d2d07a3fed6ca91fed6695e3daedb07be956fc4ebc2f447f7ef23f8853739d98ef5d6666241c45ff9

Download Submit
memory/4600-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4880-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download