0d36f993d81f24309ae82f83a0b0f0c80ef2f4a68767b32c66461ffd1109ffd6

Analysis

max time kernel
131s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 23:28

Target

17bd7f2d8ee80e4e978f26f4f9d870a0_NeikiAnalytics.exe
Size

79KB
MD5

17bd7f2d8ee80e4e978f26f4f9d870a0
SHA1

b371d0e82b445662d562442c4d85ca336e40fea0
SHA256

0d36f993d81f24309ae82f83a0b0f0c80ef2f4a68767b32c66461ffd1109ffd6
SHA512

4450f616dca147ed07960bbd8ae42ce3fe625936b5f96c9aae378b58e4e24a9a9905890378c50cfb0002584ae6b9dd79c092c88df09f9831858468269e010032
SSDEEP

1536:zvDsG4JxfZRe6RIFnzUmJfOQA8AkqUhMb2nuy5wgIP0CSJ+5ynB8GMGlZ5G:zvYc5zpJWGdqU7uy5w9WMynN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3924	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 232	3192	17bd7f2d8ee80e4e978f26f4f9d870a0_NeikiAnalytics.exe	86
PID 3192 wrote to memory of 232	3192	17bd7f2d8ee80e4e978f26f4f9d870a0_NeikiAnalytics.exe	86
PID 3192 wrote to memory of 232	3192	17bd7f2d8ee80e4e978f26f4f9d870a0_NeikiAnalytics.exe	86
PID 232 wrote to memory of 3924	232	cmd.exe	87
PID 232 wrote to memory of 3924	232	cmd.exe	87
PID 232 wrote to memory of 3924	232	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\17bd7f2d8ee80e4e978f26f4f9d870a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\17bd7f2d8ee80e4e978f26f4f9d870a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:232
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3924

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2a51d076a4339257ad7017ab1d8015f9

SHA1
d92bca8d4a00a9ca70740da6486bb2f191e46549

SHA256
992d456fc4a3c954e9ae50b764430af6ea081581b1da4737822e4e53650b7294

SHA512
55dace868713bea96689c75acce9d20ee4657678cd7ec87960f4be26ea9502b3f8abf52458fd1afce00e753021f3eb45cad21818cbbd66777082f4049c8a2d26

Download Submit
memory/3192-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3924-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download