d9005110ad932f711b74cdea53ca2d429c7e7f6aaf7615a76e3b5934d9c74848

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 07:48

Target

3981fe5a9f2e9162d15202af098298d0_NeikiAnalytics.exe
Size

79KB
MD5

3981fe5a9f2e9162d15202af098298d0
SHA1

e806fff383ba5204dbc90f8b96a7981e3e28b96d
SHA256

d9005110ad932f711b74cdea53ca2d429c7e7f6aaf7615a76e3b5934d9c74848
SHA512

f0abbb40fe4b0ff884e35f3db4cc0fcbb6cbbbb49896fd236c54b6aa3e26b6728b3583aef127e2e12fadf4420832aff8f6c5c1373a2a9e7114e94b84e82b68be
SSDEEP

1536:zvO/iWQN7sVqtRZuuOQA8AkqUhMb2nuy5wgIP0CSJ+5yIB8GMGlZ5G:zvO6LP7Z+GdqU7uy5w9WMyIN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4168	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 4916	5040	3981fe5a9f2e9162d15202af098298d0_NeikiAnalytics.exe	84
PID 5040 wrote to memory of 4916	5040	3981fe5a9f2e9162d15202af098298d0_NeikiAnalytics.exe	84
PID 5040 wrote to memory of 4916	5040	3981fe5a9f2e9162d15202af098298d0_NeikiAnalytics.exe	84
PID 4916 wrote to memory of 4168	4916	cmd.exe	85
PID 4916 wrote to memory of 4168	4916	cmd.exe	85
PID 4916 wrote to memory of 4168	4916	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\3981fe5a9f2e9162d15202af098298d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3981fe5a9f2e9162d15202af098298d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4916
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4168

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
cd42721b5a219a1538294b7d75298b75

SHA1
21650b84fbd09f50c4103ca532ee65100d85c022

SHA256
2b3e34e0c3551c25c66315e7d933b0bd3e8dd1bfd839bec90f59ace940fc49f2

SHA512
f74aee5f0ad512e80c6aaf4e50431a02d60f493790d5ae9b7fdf41c40929cfe7f1d75ae722c037d5ca5b8b89ee2cae5bdfc42f6c6c35595b2ea5051788e90962

Download Submit
memory/4168-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5040-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download