8345ac659e260034d9781ffc60341d5001a582b513507337959b5bd829b8986e

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 06:48

Target

3759a2dc0467af9ae7126cf0e7f57290_NeikiAnalytics.exe
Size

79KB
MD5

3759a2dc0467af9ae7126cf0e7f57290
SHA1

9a76787e91a0f9953d861dbede42123aaa30ad48
SHA256

8345ac659e260034d9781ffc60341d5001a582b513507337959b5bd829b8986e
SHA512

ff38d86e6308e1aed8f27fd39f4ac1b6315779e9dbd471ba69ed9296ba143ad5bdf0f1d13aa02c0e887314ddde80b36955275b0e739b8a058ed78527a5c7e6f2
SSDEEP

1536:zvtCL7dPmK9gv/OQA8AkqUhMb2nuy5wgIP0CSJ+5y9B8GMGlZ5G:zvt+uKa2GdqU7uy5w9WMy9N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4976	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 4232	2124	3759a2dc0467af9ae7126cf0e7f57290_NeikiAnalytics.exe	84
PID 2124 wrote to memory of 4232	2124	3759a2dc0467af9ae7126cf0e7f57290_NeikiAnalytics.exe	84
PID 2124 wrote to memory of 4232	2124	3759a2dc0467af9ae7126cf0e7f57290_NeikiAnalytics.exe	84
PID 4232 wrote to memory of 4976	4232	cmd.exe	85
PID 4232 wrote to memory of 4976	4232	cmd.exe	85
PID 4232 wrote to memory of 4976	4232	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\3759a2dc0467af9ae7126cf0e7f57290_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3759a2dc0467af9ae7126cf0e7f57290_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4232
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4976

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f771fa25dd9b697901d9dee80ad46e13

SHA1
708b9ac7142c078945552d3d569458f59f62af8d

SHA256
3a62e7493771234762752de0e965a6fe20dddd402e7f6c16593d8527143378f8

SHA512
57351df217c221098f681657bee59e6008b373de4debd88a954e21357d4e3443e0ba0dc2dff910164f3a6d481ad520d370978feb8ca7148eb6598f0e884b8f3a

Download Submit
memory/2124-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4976-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download