4b63dc3c8e90ef095989e53256a8b7f990c0db28c2a11e2fba23313723f85873

Analysis

max time kernel
92s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 08:25

Target

5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe
Size

79KB
MD5

5a776d9325582a8eba6d08b8e4ae2260
SHA1

4d8b45b7de4804121616debf527e665ada169ee5
SHA256

4b63dc3c8e90ef095989e53256a8b7f990c0db28c2a11e2fba23313723f85873
SHA512

b8fd65d9e5b4d557becbd7fa45a5982620503b6cdc172178224894b2c8ce4a4f67a90c26114d056b5c73474a0925ee19edf709a5eafeae8fab47aa7231d8e3c6
SSDEEP

1536:zvE4jn835XRvWOQA8AkqUhMb2nuy5wgIP0CSJ+5yiB8GMGlZ5G:zvLj8RRrGdqU7uy5w9WMyiN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2268	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2172	1936	5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe	83
PID 1936 wrote to memory of 2172	1936	5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe	83
PID 1936 wrote to memory of 2172	1936	5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe	83
PID 2172 wrote to memory of 2268	2172	cmd.exe	84
PID 2172 wrote to memory of 2268	2172	cmd.exe	84
PID 2172 wrote to memory of 2268	2172	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2268

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6d4b360221d7561196a87184fcae9fb5

SHA1
6fd8c4ee41f2dd4624382e77e98e9a8f67c3a3c8

SHA256
8d602ac47c3d9eea48a1879f8e73c6059176f912d9eadc98da4556bb53cdbd8e

SHA512
963d93449512be18ab7e1c41a2cbe6868d2a9c4597072ab43642d23af887cdd0f797cd5c432fefbc8b98fa2b9cbfe0fc0e9297da7b9d7c96adf75a7acc7b204d

Download Submit
memory/1936-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2268-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download