f1825ddace32fabdcb91bfb7ca26aa82ba446e88185ccc3d83461d6eab4e99f1

Analysis

max time kernel
130s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 13:30

Target

4004bfb3baa4adcbd7a9508556634fe0_NeikiAnalytics.exe
Size

79KB
MD5

4004bfb3baa4adcbd7a9508556634fe0
SHA1

b2d72a27d7526fcf86a88258de340dedb539be00
SHA256

f1825ddace32fabdcb91bfb7ca26aa82ba446e88185ccc3d83461d6eab4e99f1
SHA512

609bf2b0125dea85359e45fc33d1420bbe5c8332e05dd2cf5fd9bd9f87e29ac885b3006f7e9902eb94b0d351a850580010a5329eded6f277202fd29cb36f480a
SSDEEP

1536:zvOAQ/EOZ0jubUE1OQA8AkqUhMb2nuy5wgIP0CSJ+5y4B8GMGlZ5G:zvyCjubEGdqU7uy5w9WMy4N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2424	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 684	3168	4004bfb3baa4adcbd7a9508556634fe0_NeikiAnalytics.exe	84
PID 3168 wrote to memory of 684	3168	4004bfb3baa4adcbd7a9508556634fe0_NeikiAnalytics.exe	84
PID 3168 wrote to memory of 684	3168	4004bfb3baa4adcbd7a9508556634fe0_NeikiAnalytics.exe	84
PID 684 wrote to memory of 2424	684	cmd.exe	85
PID 684 wrote to memory of 2424	684	cmd.exe	85
PID 684 wrote to memory of 2424	684	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\4004bfb3baa4adcbd7a9508556634fe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4004bfb3baa4adcbd7a9508556634fe0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:684
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2424

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
60e9b4fe62385cd1d69d39855d1426c8

SHA1
1b52f32729c02001b7e5e3ba64468c565e19c4ab

SHA256
f68e47b40dafc48744275b8ee929d7a0ee0781f5bc9c86c00da2efe5191218be

SHA512
e32793b0862e001ea2bf8a3dacd579336c19c721c76ea7344529ae84dfdb939c08d4396791eb1a47f9e9af18967f838b4fc16f38d8045224068c7d4975906dcb

Download Submit
memory/2424-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3168-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download