652ffb97ffe66f71f18ab76325478036fd842d43c75e9674d6423a88f5998d06

Analysis

max time kernel
133s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 00:01

Target

0e719bb1d5153dd8f1ed026ec9afebd0_NeikiAnalytics.exe
Size

79KB
MD5

0e719bb1d5153dd8f1ed026ec9afebd0
SHA1

80336f94efad8e2f44609099a097c8bd951182d7
SHA256

652ffb97ffe66f71f18ab76325478036fd842d43c75e9674d6423a88f5998d06
SHA512

5934fb6362f05267ecfc0da70270880d18cd8ef59e83649812dc9428e640f3aff301d34ce5dc32118b9725f6da4b86caf9cd6119dcc76b698793b69eecf080e1
SSDEEP

1536:zv3yCHpuHMR5KOQA8AkqUhMb2nuy5wgIP0CSJ+5yTB8GMGlZ5G:zvi0uHM3/GdqU7uy5w9WMyTN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1588	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 956	1476	0e719bb1d5153dd8f1ed026ec9afebd0_NeikiAnalytics.exe	83
PID 1476 wrote to memory of 956	1476	0e719bb1d5153dd8f1ed026ec9afebd0_NeikiAnalytics.exe	83
PID 1476 wrote to memory of 956	1476	0e719bb1d5153dd8f1ed026ec9afebd0_NeikiAnalytics.exe	83
PID 956 wrote to memory of 1588	956	cmd.exe	84
PID 956 wrote to memory of 1588	956	cmd.exe	84
PID 956 wrote to memory of 1588	956	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\0e719bb1d5153dd8f1ed026ec9afebd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0e719bb1d5153dd8f1ed026ec9afebd0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:956
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1588

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c21edfe2c638f6252749ee46c88ef0fe

SHA1
7da4245695ae4110094953b8c4014b98f2f6ae00

SHA256
2359ab4e631c0d8cc8f30cc4cba563b89ccc3a98aaee52b1f713c2ec1b25e91f

SHA512
c5faf43df4137dcadc05e9fdb92c6bd669f347d008dba7bd8b69cedfaf945ac3a2e92824920e5522ba6f1260395c869c1adde183d12a6631af2bd70599591add

Download Submit
memory/1476-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1588-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download