2a4f9b6b5fddbd74ae2518b8dc61277356e112448c9d976a9f37461155de1486

Analysis

max time kernel
129s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 23:38

Target

194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe
Size

79KB
MD5

194dff6b859603e4b0f43642b122c2c0
SHA1

5a930dc662e37ff02672e515136e3e3f80ba25bc
SHA256

2a4f9b6b5fddbd74ae2518b8dc61277356e112448c9d976a9f37461155de1486
SHA512

5217151066900ccf3bd82c21ba283d75589446fef77c2fed4690a2d8f7e07c9bf5c756fa108c717fd34ec03bff2a7495659e63bea8819cc780a0af8a7d2d20e1
SSDEEP

1536:zvK8wXOsol+f9OQA8AkqUhMb2nuy5wgIP0CSJ+5yZB8GMGlZ5G:zvKfNoQMGdqU7uy5w9WMyZN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2860	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 4056	1488	194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe	84
PID 1488 wrote to memory of 4056	1488	194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe	84
PID 1488 wrote to memory of 4056	1488	194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe	84
PID 4056 wrote to memory of 2860	4056	cmd.exe	85
PID 4056 wrote to memory of 2860	4056	cmd.exe	85
PID 4056 wrote to memory of 2860	4056	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\194dff6b859603e4b0f43642b122c2c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4056
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2860

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5a32a92f645d2cffbb42b75b46288575

SHA1
49efe91a2371cf43e1356e4f1a33d5e13c8f72b6

SHA256
35601ecc80acb900377d47803d906aa10fff406d34f947478d74a721f6113f53

SHA512
979a09050640c2c8402dbc68fcfeef52be838e1c25d5537e54179dc428902600bdcd1586d0f1a41a209f53d1a6a05a47e5bd4057902eee52397474a3d403bcae

Download Submit
memory/1488-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2860-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download