1dfd2bd342d21661ba052512a289f606835d325119b0f386ece5aa72adf3b539

Analysis

max time kernel
90s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 02:59

Target

1b79b4094411dbfa752065619e6dea60_NeikiAnalytics.exe
Size

79KB
MD5

1b79b4094411dbfa752065619e6dea60
SHA1

990904c3f53dc5b828c1480dfc71f1d3e1ac1263
SHA256

1dfd2bd342d21661ba052512a289f606835d325119b0f386ece5aa72adf3b539
SHA512

a73561f82e2ed9adafc821d362bacc7486b051e474151b9416df179f4e27559f7bc86804c2788cb36cecc7389dc49178b534bb95c0e07698fcbebc97ac4664c4
SSDEEP

1536:zvDDZmDCzNkEaXOQA8AkqUhMb2nuy5wgIP0CSJ+5y8B8GMGlZ5G:zvu4NR7GdqU7uy5w9WMy8N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2104	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 5108	2248	1b79b4094411dbfa752065619e6dea60_NeikiAnalytics.exe	83
PID 2248 wrote to memory of 5108	2248	1b79b4094411dbfa752065619e6dea60_NeikiAnalytics.exe	83
PID 2248 wrote to memory of 5108	2248	1b79b4094411dbfa752065619e6dea60_NeikiAnalytics.exe	83
PID 5108 wrote to memory of 2104	5108	cmd.exe	84
PID 5108 wrote to memory of 2104	5108	cmd.exe	84
PID 5108 wrote to memory of 2104	5108	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\1b79b4094411dbfa752065619e6dea60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b79b4094411dbfa752065619e6dea60_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5108
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2104

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d6deb41f98b24366260fcd7639ae8f61

SHA1
3eeb67701c3d4a0578fdc0390acf2614a3701194

SHA256
e00cd2879f9f4a7594f132ab57e69ff4f555947b18b22f61894fed7d34c10102

SHA512
a895e4b2ad60487b1b29ecd2929f653cac273ae0136b6d01a3c384d1c4bf05a6a631d88e2dc2da6525cb7ed2d383712e4397d6422a4ac8fa95d8083a484f3902

Download Submit
memory/2104-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2248-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download