81790871e1e460aa5a8275a2464a8bb0bc724cf3ee0359d2a3f72c25064094f3

Analysis

max time kernel
93s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 04:35

Target

32ab5066025c1fde476e579509602240_NeikiAnalytics.exe
Size

79KB
MD5

32ab5066025c1fde476e579509602240
SHA1

f1078ee836bddd774d71fa928ed306eeb60b3850
SHA256

81790871e1e460aa5a8275a2464a8bb0bc724cf3ee0359d2a3f72c25064094f3
SHA512

8758ffb78ed8e8712180f20e9ed7bf3eb5778ae17afd98ebe03ebc15aee7d64456490bac57af8911dc6be15be68c7fe8e692e485a5466b6f6316d503c7d08571
SSDEEP

1536:zvQFxWrhuqoWnMxOQA8AkqUhMb2nuy5wgIP0CSJ+5y+B8GMGlZ5G:zvQFx/0MAGdqU7uy5w9WMy+N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4424	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 4720	1792	32ab5066025c1fde476e579509602240_NeikiAnalytics.exe	84
PID 1792 wrote to memory of 4720	1792	32ab5066025c1fde476e579509602240_NeikiAnalytics.exe	84
PID 1792 wrote to memory of 4720	1792	32ab5066025c1fde476e579509602240_NeikiAnalytics.exe	84
PID 4720 wrote to memory of 4424	4720	cmd.exe	85
PID 4720 wrote to memory of 4424	4720	cmd.exe	85
PID 4720 wrote to memory of 4424	4720	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\32ab5066025c1fde476e579509602240_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\32ab5066025c1fde476e579509602240_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4720
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4424

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
01ba912ca409fb78a8e128101bab2380

SHA1
02df1eba19f9088ab3c195fc02cf04ee36dfaa53

SHA256
6a58d9cd3fec9ebca79529b3884eac2686f93e5498caee1d687508c800254966

SHA512
50b7b3cbc5f99791e1bd56852111b2bdf944792a79364d313e0148e54b518ea45be23f49af1b5d2a5160039e4b56d90bc031bef77345741a30fb29c367657c7f

Download Submit
memory/1792-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4424-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download