c30a7b00ed9c8504827a5aad5cc95363f0c7f3bca6a106b6c09deef5ee965a75

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 23:41

Target

19a154bb2b228db607ad8c7cef4592a0_NeikiAnalytics.exe
Size

73KB
MD5

19a154bb2b228db607ad8c7cef4592a0
SHA1

027c2299050d60090bdb85f7b558239958bcaf95
SHA256

c30a7b00ed9c8504827a5aad5cc95363f0c7f3bca6a106b6c09deef5ee965a75
SHA512

4a72f9914d9cc4be7a82a9fa3802a15d4bfc082bc97f36b1709858e1d9079ef594b8a5bf6c337f0be4e5361c5fc08c4075874dd93d1e7becb9a4dbb18bee318d
SSDEEP

1536:hbjakGkhcK5QPqfhVWbdsmA+RjPFLC+e5hc0ZGUGf2g:hCkGkhcNPqfcxA+HFshcOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1664	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 932	860	19a154bb2b228db607ad8c7cef4592a0_NeikiAnalytics.exe	85
PID 860 wrote to memory of 932	860	19a154bb2b228db607ad8c7cef4592a0_NeikiAnalytics.exe	85
PID 860 wrote to memory of 932	860	19a154bb2b228db607ad8c7cef4592a0_NeikiAnalytics.exe	85
PID 932 wrote to memory of 1664	932	cmd.exe	86
PID 932 wrote to memory of 1664	932	cmd.exe	86
PID 932 wrote to memory of 1664	932	cmd.exe	86
PID 1664 wrote to memory of 2708	1664	[email protected]	87
PID 1664 wrote to memory of 2708	1664	[email protected]	87
PID 1664 wrote to memory of 2708	1664	[email protected]	87

C:\Users\Admin\AppData\Local\Temp\19a154bb2b228db607ad8c7cef4592a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\19a154bb2b228db607ad8c7cef4592a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:860
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:932
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1664
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2708

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
60edb9e94e8743a99934111772531c1f

SHA1
616c30c689f00c20aa704d3e8339e00d98996558

SHA256
46c9298d0fc2c6ce58d53218d8d141a11617d4fbeb3cfa6bfd899bc47687c049

SHA512
06e5f52e26627b33ca168b734df3824fb801ec70274f48aab82d0e9bfc639804336b5dcd5632ba3fc7c8077d9b0ad939b9dd1ec00af708489cd04f5cc3fcfa55

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/860-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/1664-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download