5b5a3d1cb7bf6fb33cd5d986a4d2c39baf8a5180aaeec2e57f7d48cc0477b2ad

Analysis

max time kernel
132s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 19:14

Target

0fde9767a74afd6e00e64fff6ad9aed0_NeikiAnalytics.exe
Size

79KB
MD5

0fde9767a74afd6e00e64fff6ad9aed0
SHA1

f966b2f5cbafd0576fc4aa11f5c7f23d3b4e9e61
SHA256

5b5a3d1cb7bf6fb33cd5d986a4d2c39baf8a5180aaeec2e57f7d48cc0477b2ad
SHA512

c5e4f2a807ca5c2ef0bdb27d312083579f6bc9ac18595586fa1fb1124c56830ceeb84a54a8e22173a7ae918207d52fda879239cbbb5b6a01c990af904c59e89a
SSDEEP

1536:zvrvvvvRSi92KbBYWcGOQA8AkqUhMb2nuy5wgIP0CSJ+5ygB8GMGlZ5G:zvWOBQGdqU7uy5w9WMygN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4968	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 936	960	0fde9767a74afd6e00e64fff6ad9aed0_NeikiAnalytics.exe	84
PID 960 wrote to memory of 936	960	0fde9767a74afd6e00e64fff6ad9aed0_NeikiAnalytics.exe	84
PID 960 wrote to memory of 936	960	0fde9767a74afd6e00e64fff6ad9aed0_NeikiAnalytics.exe	84
PID 936 wrote to memory of 4968	936	cmd.exe	85
PID 936 wrote to memory of 4968	936	cmd.exe	85
PID 936 wrote to memory of 4968	936	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\0fde9767a74afd6e00e64fff6ad9aed0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0fde9767a74afd6e00e64fff6ad9aed0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:936
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4968

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
59566b47c309d4315cd5221ed93717ae

SHA1
c27f098f5f1b4d784e884e76f441f2dee8fd9c8f

SHA256
b0bc4c0497acdb02b0554e8fd3744ab8dda6af49c3f5fc9ec167c4114353db29

SHA512
30025df54644b457b3000ab548e253c6be4fcdbb7a7d92d94db0f3b2c238660b6274af2cdc4364f7dad56057f4aef1b2a7266670936bcd3d9ed3319431863562

Download Submit
memory/960-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4968-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download