565362473dee55aee5f65042e70b0ffe0a216bc05f3c1c479d81d50e89e41e44

Analysis

max time kernel
131s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 03:42

Target

30da51837e62f83f2c7b59785d7df060_NeikiAnalytics.exe
Size

79KB
MD5

30da51837e62f83f2c7b59785d7df060
SHA1

38b7759f4864478344687f70fb76322de476f60d
SHA256

565362473dee55aee5f65042e70b0ffe0a216bc05f3c1c479d81d50e89e41e44
SHA512

8870569427622526f43f9e343ea9147f3edea0f71e473dc99b0c54ffe81e07cbddd71ecf02a32eb6c12695aa5274e3b87d28afd93deaa5f943c7fc04a9aaa81f
SSDEEP

1536:zvanQx1CTHtOQA8AkqUhMb2nuy5wgIP0CSJ+5yYB8GMGlZ5G:zvaQx1y0GdqU7uy5w9WMyYN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4460	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4276 wrote to memory of 2828	4276	30da51837e62f83f2c7b59785d7df060_NeikiAnalytics.exe	83
PID 4276 wrote to memory of 2828	4276	30da51837e62f83f2c7b59785d7df060_NeikiAnalytics.exe	83
PID 4276 wrote to memory of 2828	4276	30da51837e62f83f2c7b59785d7df060_NeikiAnalytics.exe	83
PID 2828 wrote to memory of 4460	2828	cmd.exe	84
PID 2828 wrote to memory of 4460	2828	cmd.exe	84
PID 2828 wrote to memory of 4460	2828	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\30da51837e62f83f2c7b59785d7df060_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\30da51837e62f83f2c7b59785d7df060_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4276
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4460

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
dad0b652d33d0719696c13476306e197

SHA1
3edf251940d2e546d739ffbe23fa60415d9bb703

SHA256
65b651793d096271a824af6674f9dc17df16b190bb3bd952ccd8afb622e9545a

SHA512
edc7bf2e6fc4a61c4e3559aa981676bed66d2e4aa41950c06c8838a43f233227188279ae78f68a78c8c53defcd626dae0a5b70ea32c29a34e7503fd69fb6de53

Download Submit
memory/4276-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4460-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download