baad681781707e573101f5c42257697f7535ce655e0bfba8bdd5cbff160d61f2

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 08:02

Target

263b8290ea2a28243b2dde66eb4c6e20_NeikiAnalytics.exe
Size

79KB
MD5

263b8290ea2a28243b2dde66eb4c6e20
SHA1

8f99e7430ade957dd45f35d7115703057b37b2ca
SHA256

baad681781707e573101f5c42257697f7535ce655e0bfba8bdd5cbff160d61f2
SHA512

e91b92eb1116f5a47f2014800cb6ce20c3a45a94514f1a39a33817bb1429dce7f9c8ab8c33dcc572255730d96ab345abc99f0b92c4a4c2b546e55f871bf22069
SSDEEP

1536:zvDDZmDCzNkEaXOQA8AkqUhMb2nuy5wgIP0CSJ+5yrB8GMGlZ5G:zvu4NR7GdqU7uy5w9WMyrN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1392	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 4472	2580	263b8290ea2a28243b2dde66eb4c6e20_NeikiAnalytics.exe	83
PID 2580 wrote to memory of 4472	2580	263b8290ea2a28243b2dde66eb4c6e20_NeikiAnalytics.exe	83
PID 2580 wrote to memory of 4472	2580	263b8290ea2a28243b2dde66eb4c6e20_NeikiAnalytics.exe	83
PID 4472 wrote to memory of 1392	4472	cmd.exe	84
PID 4472 wrote to memory of 1392	4472	cmd.exe	84
PID 4472 wrote to memory of 1392	4472	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\263b8290ea2a28243b2dde66eb4c6e20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\263b8290ea2a28243b2dde66eb4c6e20_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4472
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1392

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e089dd881375d4b4b26ece7b99be7f01

SHA1
50d26ddd4ecf76c70557b180453b6ae94bb0cfe2

SHA256
c8eda8a9aaf1ac8dcbc5bd489f8f1c8e7fe22aa1ec81be81160bd4bcb66ec9f3

SHA512
bfeee10213e199b111692dcd68be088b5c96fd8aa5653471682a2a96c5678cdd919e02875f5d6ad81b36f3c2cf4f3fd49cb3b6e1f9b8f4c30939aa2f4a8edcdd

Download Submit
memory/1392-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2580-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download