92e25be6f0b025f4fe0226820504225ac3f7158940d2268d7b6c971126c85e06

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 03:43

Target

30e27838cccec4c3a51e4ca2c0c346a0_NeikiAnalytics.exe
Size

79KB
MD5

30e27838cccec4c3a51e4ca2c0c346a0
SHA1

f7a45118eceb95b16c102f6e8a8457dc5cea5400
SHA256

92e25be6f0b025f4fe0226820504225ac3f7158940d2268d7b6c971126c85e06
SHA512

5eb59222b74ac8dd586db7e074f3d6f481ce6338a79b69a0b66562be4d76312008754b7befad73e79933d768cfee41b04b6cf521ce1c325113b4c08e96769b08
SSDEEP

1536:zvG9N9jV7sPVknOQA8AkqUhMb2nuy5wgIP0CSJ+5yNB8GMGlZ5G:zv8N9jtsP/GdqU7uy5w9WMyNN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2420	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 1576	4816	30e27838cccec4c3a51e4ca2c0c346a0_NeikiAnalytics.exe	83
PID 4816 wrote to memory of 1576	4816	30e27838cccec4c3a51e4ca2c0c346a0_NeikiAnalytics.exe	83
PID 4816 wrote to memory of 1576	4816	30e27838cccec4c3a51e4ca2c0c346a0_NeikiAnalytics.exe	83
PID 1576 wrote to memory of 2420	1576	cmd.exe	84
PID 1576 wrote to memory of 2420	1576	cmd.exe	84
PID 1576 wrote to memory of 2420	1576	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\30e27838cccec4c3a51e4ca2c0c346a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\30e27838cccec4c3a51e4ca2c0c346a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1576
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2420

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
bbfba9b06511ba3d49b57da31f089888

SHA1
f0ab382192f590c6a520947249e2a9b6847cfe84

SHA256
56f3081db4b406f323093999078e9dd1ddf5219fc6e11d3e61ae03caae54b6bd

SHA512
c9dfe0f48f1cfb178be2cf9345ad0d37918d7cc950d72cf93bc86f091ee5f6004783ceeb54398d542e6b7a687e526b83d17f178f950bc7d75151294f49a3c3f7

Download Submit
memory/2420-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4816-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download