22df7ed1c5e9b5a14bca4b8cd7ca14cfadedd917f759a01b0d85fabc59d34316

Analysis

max time kernel
132s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 08:54

Target

3c2635a1deaebb851744892d9ea7d8b0_NeikiAnalytics.exe
Size

79KB
MD5

3c2635a1deaebb851744892d9ea7d8b0
SHA1

d4eedd4875315a64799dedc9350310a8d7f07540
SHA256

22df7ed1c5e9b5a14bca4b8cd7ca14cfadedd917f759a01b0d85fabc59d34316
SHA512

d5f941abac70703beaae444b26600d7d02059b495eed45d952152b184c63893c8dd80b18a915f58c4e19308c5c7987750271ae33d99503722d4fcf8a3d7b1e2c
SSDEEP

1536:zvtCL7dPmK9gv/OQA8AkqUhMb2nuy5wgIP0CSJ+5yfB8GMGlZ5G:zvt+uKa2GdqU7uy5w9WMyfN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3708	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3236 wrote to memory of 2000	3236	3c2635a1deaebb851744892d9ea7d8b0_NeikiAnalytics.exe	84
PID 3236 wrote to memory of 2000	3236	3c2635a1deaebb851744892d9ea7d8b0_NeikiAnalytics.exe	84
PID 3236 wrote to memory of 2000	3236	3c2635a1deaebb851744892d9ea7d8b0_NeikiAnalytics.exe	84
PID 2000 wrote to memory of 3708	2000	cmd.exe	85
PID 2000 wrote to memory of 3708	2000	cmd.exe	85
PID 2000 wrote to memory of 3708	2000	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\3c2635a1deaebb851744892d9ea7d8b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c2635a1deaebb851744892d9ea7d8b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3236
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2000
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3708

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e031477be951cae8449cccc80c4306c2

SHA1
1afa5f22b81c3d14af013b85c36dfd4c76c12b51

SHA256
5fac3560ee5fbd93a2cd8ddf7e8bb95e90f5591ad267e1b4d032af7ffeeec5f3

SHA512
7162ffa6a0990b7ed359221ca5fc08c3b2546471a4d678958e2f9f2cfb6f1711e9f9d9a14c67719bfaaa47618e5dd333dbf06d2507ea99d99ca386e59c3d3eff

Download Submit
memory/3236-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3708-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download