0d8adae3f9800363fe2fe58f105f15edc8bc07783247b7ad429c1afbd2fb939d

Analysis

max time kernel
131s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 08:40

Target

9c0c8a1480715245a1be5cc9c1e653e0_NeikiAnalytics.exe
Size

79KB
MD5

9c0c8a1480715245a1be5cc9c1e653e0
SHA1

2f5b7c45b42b350c2289d027f9d89fd8d02b3bb2
SHA256

0d8adae3f9800363fe2fe58f105f15edc8bc07783247b7ad429c1afbd2fb939d
SHA512

0a54c1607b18248c83fe809192e8aa75165a8d79272bdfef25dc37e78758ded904f9d58d1df7fce67a46d673f84c809d05aac7fcc7861c70e9dedf28b0700c91
SSDEEP

1536:zvSPRRRf384f0+zOQA8AkqUhMb2nuy5wgIP0CSJ+5ynB8GMGlZ5G:zv0RRRfZfQGdqU7uy5w9WMynN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4984	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 1668	2692	9c0c8a1480715245a1be5cc9c1e653e0_NeikiAnalytics.exe	83
PID 2692 wrote to memory of 1668	2692	9c0c8a1480715245a1be5cc9c1e653e0_NeikiAnalytics.exe	83
PID 2692 wrote to memory of 1668	2692	9c0c8a1480715245a1be5cc9c1e653e0_NeikiAnalytics.exe	83
PID 1668 wrote to memory of 4984	1668	cmd.exe	84
PID 1668 wrote to memory of 4984	1668	cmd.exe	84
PID 1668 wrote to memory of 4984	1668	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\9c0c8a1480715245a1be5cc9c1e653e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9c0c8a1480715245a1be5cc9c1e653e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1668
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4984

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a2df27c9c6def077a5efcaa528d64f7d

SHA1
6de4c455460df9d7d46b4dc9fba22f61c0dc4b99

SHA256
3e02d6d02c2a9d85226edc0a7e1f40a7725dfec55d8aface99ad632b6d2d527f

SHA512
04076947d7f9d4d9e942d8535ba575c586d384bc90233894cf35ec5b048d206a9a5e7f4be4463dd1afc8682c08a8bc1c01e7329fb88626784981853ad34f2586

Download Submit
memory/2692-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4984-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download