464ffb24e72d5e50653aa4929d9735759414a1e8646382780b0998374d099737

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 23:47

Target

1a595e31d5f47bbae24b2a32053716d0_NeikiAnalytics.exe
Size

79KB
MD5

1a595e31d5f47bbae24b2a32053716d0
SHA1

bf0932595caa1bef947cef9b5237127e6b38be73
SHA256

464ffb24e72d5e50653aa4929d9735759414a1e8646382780b0998374d099737
SHA512

fb86f18277bc1fd273c80def6944eef4088f5034c27f1b38671fb7cc41bc3579d42a23fe045220b9f4f4d8088935fca289d26e44125d3ee4bfcc9300791b3634
SSDEEP

1536:zv3yCHpuHMR5KOQA8AkqUhMb2nuy5wgIP0CSJ+5yJB8GMGlZ5G:zvi0uHM3/GdqU7uy5w9WMyJN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3528	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 3348	5096	1a595e31d5f47bbae24b2a32053716d0_NeikiAnalytics.exe	82
PID 5096 wrote to memory of 3348	5096	1a595e31d5f47bbae24b2a32053716d0_NeikiAnalytics.exe	82
PID 5096 wrote to memory of 3348	5096	1a595e31d5f47bbae24b2a32053716d0_NeikiAnalytics.exe	82
PID 3348 wrote to memory of 3528	3348	cmd.exe	83
PID 3348 wrote to memory of 3528	3348	cmd.exe	83
PID 3348 wrote to memory of 3528	3348	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\1a595e31d5f47bbae24b2a32053716d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1a595e31d5f47bbae24b2a32053716d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3348
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3528

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c4b562d3507f7ca545e882dadc157b60

SHA1
eb47fc481b0586320eca805bd290dbc1e710e476

SHA256
a9eb88595c9db2552ea871267d1ce1b5c49f6b0ecd5fd71d3f21001f2df087ac

SHA512
1fc700dae63cc2dbfedc797ae65e095b8ef5624434a39db4d31e7395a18f3584f7db388252e302d6e6a08ce63a5db97acdd85c3346823c2116122abb1d0b850c

Download Submit
memory/3528-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5096-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download