b74c0f2b17cb15630a0a18eb09ba4ad65fdd59b4da93f096365841004ad63bae

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 01:29

Target

2b88f908570361dd0cd273dfbdee21b0_NeikiAnalytics.exe
Size

79KB
MD5

2b88f908570361dd0cd273dfbdee21b0
SHA1

60307b933cbe911ff4eeb5f8854b4c462e20da40
SHA256

b74c0f2b17cb15630a0a18eb09ba4ad65fdd59b4da93f096365841004ad63bae
SHA512

7b0f962650474ef7ba87a42240e4bdeac65ade9d274ee405b61fa9918af8821ca0af2894f01e99c46b7ce76dcc862af988b86be16b403239994fb53957b2425f
SSDEEP

1536:zveqMOWly+1LMS6T5S0KiOQA8AkqUhMb2nuy5wgIP0CSJ+5y5B8GMGlZ5G:zvevOW916TI0yGdqU7uy5w9WMy5N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3760	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3212 wrote to memory of 832	3212	2b88f908570361dd0cd273dfbdee21b0_NeikiAnalytics.exe	83
PID 3212 wrote to memory of 832	3212	2b88f908570361dd0cd273dfbdee21b0_NeikiAnalytics.exe	83
PID 3212 wrote to memory of 832	3212	2b88f908570361dd0cd273dfbdee21b0_NeikiAnalytics.exe	83
PID 832 wrote to memory of 3760	832	cmd.exe	84
PID 832 wrote to memory of 3760	832	cmd.exe	84
PID 832 wrote to memory of 3760	832	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\2b88f908570361dd0cd273dfbdee21b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2b88f908570361dd0cd273dfbdee21b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3212
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:832
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3760

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ef08700c8aed012309db643d9b623729

SHA1
d410ec2e262624181bce179fc36926f01b79cf91

SHA256
6e9a0b5e801750ab893d3c05445ea8e5dfe89d2d72333176a3b094eb33c45f4a

SHA512
1e93567477555acc1f5b4ae7ed0a134b04e9a86a8b1ef7b292777335f314e8d0b31b9a333692f376d6412bcb3b1ebef5b44cc797903fdc76fe2b8eec26a885ab

Download Submit
memory/3212-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3760-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download