171f7e3b9fa3c7d7888dfc75fd134f90ea29cdffe490d5d5ce3390fedd59112d

Analysis

max time kernel
148s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 03:52

Target

3131ea8af8a9ebc84358b210f6daf3e0_NeikiAnalytics.exe
Size

73KB
MD5

3131ea8af8a9ebc84358b210f6daf3e0
SHA1

b18b9c526dfaf631368408c8764e6d0b1025bdaa
SHA256

171f7e3b9fa3c7d7888dfc75fd134f90ea29cdffe490d5d5ce3390fedd59112d
SHA512

8f9a83ef6355a3c0d7732331a51758896709ac407c93e0f5b2f34fa818c2c8d79ff2659d186d0ac488aa8ec9f94a77f109230e4e9e33d4374f14e073d73c9c0d
SSDEEP

1536:hb/jvQTwIEK5QPqfhVWbdsmA+RjPFLC+e5hl0ZGUGf2g:hbj40IENPqfcxA+HFshlOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4064	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3896 wrote to memory of 404	3896	3131ea8af8a9ebc84358b210f6daf3e0_NeikiAnalytics.exe	84
PID 3896 wrote to memory of 404	3896	3131ea8af8a9ebc84358b210f6daf3e0_NeikiAnalytics.exe	84
PID 3896 wrote to memory of 404	3896	3131ea8af8a9ebc84358b210f6daf3e0_NeikiAnalytics.exe	84
PID 404 wrote to memory of 4064	404	cmd.exe	85
PID 404 wrote to memory of 4064	404	cmd.exe	85
PID 404 wrote to memory of 4064	404	cmd.exe	85
PID 4064 wrote to memory of 3552	4064	[email protected]	86
PID 4064 wrote to memory of 3552	4064	[email protected]	86
PID 4064 wrote to memory of 3552	4064	[email protected]	86

C:\Users\Admin\AppData\Local\Temp\3131ea8af8a9ebc84358b210f6daf3e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3131ea8af8a9ebc84358b210f6daf3e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3896
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4064
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:3552

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
036ce2f9454ecf1feafd356abcd8cd0a

SHA1
fa3fd0ecd87b0427392c8d83df61d5e2f3153c93

SHA256
60a70716d6a9a3dd69e44519050b9fbea10f530716a72fdc9fa6fbd54a71d80d

SHA512
e99478221603d4f58a76e3b7ff053e809eac8238f65124eb0f0289cc30ca0f8dea71876598ac718e37d5b1533c7d0b43dd00038a9f11233277b54cf927b4f687

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/3896-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4064-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download