4b480b67e6c6a52523996237ec32eadff33cc09262b59a8c30c20057d96ee393

Analysis

max time kernel
93s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 02:56

Target

1b5f72e016c846bdcfa200c6e73e3520_NeikiAnalytics.exe
Size

73KB
MD5

1b5f72e016c846bdcfa200c6e73e3520
SHA1

74fa6ba2df6dd1846b54d73d8706ae8e0e42bf81
SHA256

4b480b67e6c6a52523996237ec32eadff33cc09262b59a8c30c20057d96ee393
SHA512

b3f14c37d043f7745c2713202e2c2280067fef7405783727bdbb0a8dde1c7f195fc7fed5dc30d35e530b79d2960490268df4fdd890d504ed8ea2ef6946b5639a
SSDEEP

1536:hbO0llp4JuLK5QPqfhVWbdsmA+RjPFLC+e5hG0ZGUGf2g:hTlp4WNPqfcxA+HFshGOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3228	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3864 wrote to memory of 2268	3864	1b5f72e016c846bdcfa200c6e73e3520_NeikiAnalytics.exe	83
PID 3864 wrote to memory of 2268	3864	1b5f72e016c846bdcfa200c6e73e3520_NeikiAnalytics.exe	83
PID 3864 wrote to memory of 2268	3864	1b5f72e016c846bdcfa200c6e73e3520_NeikiAnalytics.exe	83
PID 2268 wrote to memory of 3228	2268	cmd.exe	84
PID 2268 wrote to memory of 3228	2268	cmd.exe	84
PID 2268 wrote to memory of 3228	2268	cmd.exe	84
PID 3228 wrote to memory of 624	3228	[email protected]	85
PID 3228 wrote to memory of 624	3228	[email protected]	85
PID 3228 wrote to memory of 624	3228	[email protected]	85

C:\Users\Admin\AppData\Local\Temp\1b5f72e016c846bdcfa200c6e73e3520_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b5f72e016c846bdcfa200c6e73e3520_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3228
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:624

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
340adf64bbd23c23f08f7247061446a8

SHA1
28f64d9c87a4e97278ddfce3392ad52322edfc8f

SHA256
63a75c9d4598f4c87f2dfdb2400adb03b4cb9d26656d1cd274215196ea94d667

SHA512
9d0015a699626496bb5d0bd235cdc8c47014c7d6b7bd69263bd18ce23f8c4ee759aa22fd216394fe41b96db25dc83419c327d166b82e5b9068380010c94b297a

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/3228-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3864-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download