bdfeb793405ff1b77dbe31561047edf799d4c52bf62ec53ea918e39e4aed1543

Analysis

max time kernel
91s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 23:17

Target

164ecd43a522b198bba393830e6de210_NeikiAnalytics.exe
Size

79KB
MD5

164ecd43a522b198bba393830e6de210
SHA1

6b48734cc098d5360fc27a8387e39b8d9e2b611d
SHA256

bdfeb793405ff1b77dbe31561047edf799d4c52bf62ec53ea918e39e4aed1543
SHA512

947b5c9594aab541929a7ae6d4275824b82e96acc4ab35c85a02affa9d2a4598da64cd252a477d0c99cf395e069338831c7670ce91d877a1f890e858db557047
SSDEEP

1536:zvDsG4JxfZRe6RIFnzUmJfOQA8AkqUhMb2nuy5wgIP0CSJ+5yWB8GMGlZ5G:zvYc5zpJWGdqU7uy5w9WMyWN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2748	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 1292	3464	164ecd43a522b198bba393830e6de210_NeikiAnalytics.exe	83
PID 3464 wrote to memory of 1292	3464	164ecd43a522b198bba393830e6de210_NeikiAnalytics.exe	83
PID 3464 wrote to memory of 1292	3464	164ecd43a522b198bba393830e6de210_NeikiAnalytics.exe	83
PID 1292 wrote to memory of 2748	1292	cmd.exe	84
PID 1292 wrote to memory of 2748	1292	cmd.exe	84
PID 1292 wrote to memory of 2748	1292	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\164ecd43a522b198bba393830e6de210_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\164ecd43a522b198bba393830e6de210_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1292
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2748

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
9b3ac894ff3a296743c554330d8b3aa5

SHA1
4d88a433152c24ac9a76dc7ccb8def026644ac01

SHA256
da471f3763193adf01daa9381454df1788ff188ef040449b711ee6db6d991709

SHA512
04d81b823302768feba09b4df945a8e949018a7be5b17b539db60f21afc95b42e90ee0b29b6b3eb0e3128c7b8a88755b252e5115184431325d43477bfa49918b

Download Submit
memory/2748-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3464-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download