41690f940026a43edd35d95c1bdf0ddb0d78b6690070265a932b114961109eb8

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 18:31

Target

0b2a0d9b41e03f2b5069f31c0ba2eeb0_NeikiAnalytics.exe
Size

79KB
MD5

0b2a0d9b41e03f2b5069f31c0ba2eeb0
SHA1

988c8f0b55de4bda39c2237ff8251ffe1171cf11
SHA256

41690f940026a43edd35d95c1bdf0ddb0d78b6690070265a932b114961109eb8
SHA512

385d759d8c00287d29f3dd9a61864501b1d8ff3c49d731d6da77e63d63e3b8d0fa3056331a82f2752ada21e1450a053d88db9d52b22fdbf59550b6b97c785ce2
SSDEEP

1536:zvSKKHfuaJOwqOQA8AkqUhMb2nuy5wgIP0CSJ+5yLB8GMGlZ5G:zviHfuXwfGdqU7uy5w9WMyLN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4176	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 3376	4564	0b2a0d9b41e03f2b5069f31c0ba2eeb0_NeikiAnalytics.exe	84
PID 4564 wrote to memory of 3376	4564	0b2a0d9b41e03f2b5069f31c0ba2eeb0_NeikiAnalytics.exe	84
PID 4564 wrote to memory of 3376	4564	0b2a0d9b41e03f2b5069f31c0ba2eeb0_NeikiAnalytics.exe	84
PID 3376 wrote to memory of 4176	3376	cmd.exe	85
PID 3376 wrote to memory of 4176	3376	cmd.exe	85
PID 3376 wrote to memory of 4176	3376	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\0b2a0d9b41e03f2b5069f31c0ba2eeb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0b2a0d9b41e03f2b5069f31c0ba2eeb0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3376
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4176

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
1fe2c4c96ed9985bab5cadd1528b2ee5

SHA1
53bac8dea942c44b04b2ca9ebc13d2ac9759d57f

SHA256
1f9188d05ad4f4dfc29d98b63b90356aecb9f791aa80c1c19d098eaf2e8cee8a

SHA512
69d7d3f8c3a7155e2fa9eb260a45e86c897d0a0eb324118b8a36acc6f687f3cc2f800820da1bcf6ddb62df312ed4a48dd2979ec67635d6c2db4df2c772acaa12

Download Submit
memory/4176-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4564-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download