905564d035f4dcab77ffb88cd4c299271683f5ad8b01fe380319d5b02f2b1e07

Analysis

max time kernel
129s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 03:48

Target

1d7b4133d572b65c168b2f92ed17e270_NeikiAnalytics.exe
Size

79KB
MD5

1d7b4133d572b65c168b2f92ed17e270
SHA1

b00fc3f52b3f43e5ea8fd2b3ba3aaa91729dc886
SHA256

905564d035f4dcab77ffb88cd4c299271683f5ad8b01fe380319d5b02f2b1e07
SHA512

f455616297ef3ba4c7747c33860e400c6bcd84fd4e748ebcb3eadc4710830cc784363a94c6b71429fe4390514d5d8340160351b54a5a4a2330581a2b6a8640df
SSDEEP

1536:zv3JmHlv340W6OQA8AkqUhMb2nuy5wgIP0CSJ+5ygB8GMGlZ5G:zvZmHlvfWPGdqU7uy5w9WMygN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3808	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 1144	736	1d7b4133d572b65c168b2f92ed17e270_NeikiAnalytics.exe	84
PID 736 wrote to memory of 1144	736	1d7b4133d572b65c168b2f92ed17e270_NeikiAnalytics.exe	84
PID 736 wrote to memory of 1144	736	1d7b4133d572b65c168b2f92ed17e270_NeikiAnalytics.exe	84
PID 1144 wrote to memory of 3808	1144	cmd.exe	85
PID 1144 wrote to memory of 3808	1144	cmd.exe	85
PID 1144 wrote to memory of 3808	1144	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\1d7b4133d572b65c168b2f92ed17e270_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1d7b4133d572b65c168b2f92ed17e270_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:736
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1144
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3808

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e9e2db0228f8767380273e658c72664e

SHA1
f5fe25c2be1bf095c2000a38f3fd54759bf74112

SHA256
ac6c6e4f1b79025c194c0f3d91a358d9d9aa324b76c8a41cb9304ff880dcdecb

SHA512
bfea18c3ac0eccd6c3845cbccf4126d6c3542d82e72ebf3dca3faeeb668205317ad1556b84b516b2694ce86fa3c8f884d2d9d4ce798876ec3155fb92ce967819

Download Submit
memory/736-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3808-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download