9fc982ee8d33d331da227a23dba17285cc30f3f803d19c1683423d19fd321a14

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 10:08

Target

3eba5d014442667679f1d6cde824a2d0_NeikiAnalytics.exe
Size

79KB
MD5

3eba5d014442667679f1d6cde824a2d0
SHA1

5aa6b6192598ebf7ffb23a987d60101e22dfe7bc
SHA256

9fc982ee8d33d331da227a23dba17285cc30f3f803d19c1683423d19fd321a14
SHA512

2e4f629fafd475c040451885d119e5df41165bbca3c9a75b4476a4851979a7edd8fb916de06dde4288092bcfeec4b6cca09402bf0a3a0dd55681d028e05b7e22
SSDEEP

1536:zvUdj6+7XGdjzOQA8AkqUhMb2nuy5wgIP0CSJ+5yJB8GMGlZ5G:zv7TyGdqU7uy5w9WMyJN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3936	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 2360	848	3eba5d014442667679f1d6cde824a2d0_NeikiAnalytics.exe	84
PID 848 wrote to memory of 2360	848	3eba5d014442667679f1d6cde824a2d0_NeikiAnalytics.exe	84
PID 848 wrote to memory of 2360	848	3eba5d014442667679f1d6cde824a2d0_NeikiAnalytics.exe	84
PID 2360 wrote to memory of 3936	2360	cmd.exe	85
PID 2360 wrote to memory of 3936	2360	cmd.exe	85
PID 2360 wrote to memory of 3936	2360	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\3eba5d014442667679f1d6cde824a2d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3eba5d014442667679f1d6cde824a2d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3936

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2337ea3cbff6fe3d358466bb46724fb7

SHA1
5b006be450f7fd28073558c04b534c49c221f01e

SHA256
27df1ac212b124b8f2fe551d124cba12d779a33993eb583bea6ddad93ed6229c

SHA512
d6ddaa90d68fd45be9826cd87a3a1c5affec563c0e61655de9339f0609d63be997637abaa936a309f57075f2714cabded90ea9cdc822535d5d3b06364f64fe1e

Download Submit
memory/848-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3936-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download