dbf07f7d31e842f62ee3329cd45d8c7f9f935711840411ce215c4817b0122233

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 01:11

Target

2adb0a3b9c8a234e127a0a5ff42d5eb0_NeikiAnalytics.exe
Size

79KB
MD5

2adb0a3b9c8a234e127a0a5ff42d5eb0
SHA1

ba5f0dfcd4dc5d22de00519cf7ed0f99d0e62e0b
SHA256

dbf07f7d31e842f62ee3329cd45d8c7f9f935711840411ce215c4817b0122233
SHA512

e3927f6d4e08cee3830c132ced5306b2174a0e926960ae91e5d950d2e844cb01127c30c6144c1d9fb2eea366bc75546c29f7cefe8c1aecf10e23dc913f0a5300
SSDEEP

1536:zv88W8vK2iyamsPCx8GlOQA8AkqUhMb2nuy5wgIP0CSJ+5yEB8GMGlZ5G:zv8x8vfiJ2P8GdqU7uy5w9WMyEN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3480	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 760	3532	2adb0a3b9c8a234e127a0a5ff42d5eb0_NeikiAnalytics.exe	83
PID 3532 wrote to memory of 760	3532	2adb0a3b9c8a234e127a0a5ff42d5eb0_NeikiAnalytics.exe	83
PID 3532 wrote to memory of 760	3532	2adb0a3b9c8a234e127a0a5ff42d5eb0_NeikiAnalytics.exe	83
PID 760 wrote to memory of 3480	760	cmd.exe	84
PID 760 wrote to memory of 3480	760	cmd.exe	84
PID 760 wrote to memory of 3480	760	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\2adb0a3b9c8a234e127a0a5ff42d5eb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2adb0a3b9c8a234e127a0a5ff42d5eb0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:760
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3480

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7643487c003a29b86b60df64dc73b64c

SHA1
432044f75bbeb8f7b23cf840c5c4ed6a3fdc9ad5

SHA256
bdd8133d6937ba535b9b327d106b723544a978dcc4427174c7bc3ef60d7926f6

SHA512
6bcae1d2912c3285196009c6ad87ad4a821edc8ea2fb77e5f92209aa961b3ebf83d8be435c2ef047957f7fec71e120b6fc62db0ee68ab855a9bc0570c9ef7b32

Download Submit
memory/3480-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3532-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download