6fd4324c205338044f7f1cf8cd91f6ec2309199c3e73cb827418c0ba4dd08732

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 22:02

Target

0cdc9f2af9eb21357f833756043665b0_NeikiAnalytics.exe
Size

79KB
MD5

0cdc9f2af9eb21357f833756043665b0
SHA1

c041e45e24ead00f238bb9d7ac56912225d99876
SHA256

6fd4324c205338044f7f1cf8cd91f6ec2309199c3e73cb827418c0ba4dd08732
SHA512

1f9472b310d179af44d834ae7a23c58cc0d84f10d2b85692bd7c3d31a75f709d35348a24037925c1c96c3e36d73f708a5ebfd773e3d95e945beca0ad51835475
SSDEEP

1536:zvGaBazEZgHruVbgswJpmcOQA8AkqUhMb2nuy5wgIP0CSJ+5yySB8GMGlZ5G:zvGaBphVbbPGdqU7uy5w9WMy/N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
832	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3128 wrote to memory of 3988	3128	0cdc9f2af9eb21357f833756043665b0_NeikiAnalytics.exe	84
PID 3128 wrote to memory of 3988	3128	0cdc9f2af9eb21357f833756043665b0_NeikiAnalytics.exe	84
PID 3128 wrote to memory of 3988	3128	0cdc9f2af9eb21357f833756043665b0_NeikiAnalytics.exe	84
PID 3988 wrote to memory of 832	3988	cmd.exe	85
PID 3988 wrote to memory of 832	3988	cmd.exe	85
PID 3988 wrote to memory of 832	3988	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\0cdc9f2af9eb21357f833756043665b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0cdc9f2af9eb21357f833756043665b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3128
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3988
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:832

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5753f940ac292f3a151dd830194f91be

SHA1
1d17fd5dfedfff9dc2d7aff514af657dc8c8e433

SHA256
75d882349042b99cc5749b7b0c0b0dfa12dc697c045e6a64e0cb2317d3e580cc

SHA512
2e042ae98f463c99558104e761b5d24406cb8b47f88245de993c43015faa8c0e74828f72afa7ab45a4761bc687ac126b5f4473ada251a86e0edf0e21bb2905e7

Download Submit
memory/832-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3128-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download