a88efd3356028eae20279d5d2d2a08add083ecd05fb3db4ff6a3687bb98e4121

Analysis

max time kernel
92s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 02:05

Target

2cffbc6c3af89d6c077443e80ab19230_NeikiAnalytics.exe
Size

79KB
MD5

2cffbc6c3af89d6c077443e80ab19230
SHA1

f6d2084ba20bfca57ae815e9c6985b7a322e82c8
SHA256

a88efd3356028eae20279d5d2d2a08add083ecd05fb3db4ff6a3687bb98e4121
SHA512

f95099ec6339e6bc4672ad4a6b39abd5c0e2b4d322f83ab81b18c35aae3f443e80b01564591537528bdb732d1a75b25dccafc909653f178a14d7926fd73e8853
SSDEEP

1536:zv88W8vK2iyamsPCx8GlOQA8AkqUhMb2nuy5wgIP0CSJ+5ycB8GMGlZ5G:zv8x8vfiJ2P8GdqU7uy5w9WMycN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3016	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 1404	2544	2cffbc6c3af89d6c077443e80ab19230_NeikiAnalytics.exe	82
PID 2544 wrote to memory of 1404	2544	2cffbc6c3af89d6c077443e80ab19230_NeikiAnalytics.exe	82
PID 2544 wrote to memory of 1404	2544	2cffbc6c3af89d6c077443e80ab19230_NeikiAnalytics.exe	82
PID 1404 wrote to memory of 3016	1404	cmd.exe	83
PID 1404 wrote to memory of 3016	1404	cmd.exe	83
PID 1404 wrote to memory of 3016	1404	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\2cffbc6c3af89d6c077443e80ab19230_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2cffbc6c3af89d6c077443e80ab19230_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1404
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3016

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3b8859ba14b459cd5fa5c170197a59b6

SHA1
10290ce878fc22e5b802a8e301ac03cc8f482003

SHA256
6fa95c0d2951da1f33931263d1c73f60d1ca9c0d28da926a8da62f478f62811e

SHA512
e45f37077f4c5f00455c816c0278527fb072f8d05f78995ecf3fd1c4b469b1b48355c248cce9db2564330e7e317e85daf1d87f6d0bb06d8baf9eb7ff24980e2b

Download Submit
memory/2544-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3016-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download