55344fd64a899620a5ddacab41782b1f3253b018965a25b1286f9d4f209df809

Analysis

max time kernel
93s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 10:12

Target

3ed6c67fb12660362b988800358401f0_NeikiAnalytics.exe
Size

79KB
MD5

3ed6c67fb12660362b988800358401f0
SHA1

3f1d7a9f3dc78c9c5a436077990f2ee1e633f394
SHA256

55344fd64a899620a5ddacab41782b1f3253b018965a25b1286f9d4f209df809
SHA512

43e6f00e5563fef116e6d627c4cb9439738dd25c9e68abf15c0007b4cb7c7dbcca6c1aaf5dbca35a2484d3d3037416a3fd7ae284eb322cf13de24911be2c1e44
SSDEEP

1536:zv66mWLYKn8V5JOQA8AkqUhMb2nuy5wgIP0CSJ+5ysB8GMGlZ5G:zv6PsoIGdqU7uy5w9WMysN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4088	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 5112	2748	3ed6c67fb12660362b988800358401f0_NeikiAnalytics.exe	83
PID 2748 wrote to memory of 5112	2748	3ed6c67fb12660362b988800358401f0_NeikiAnalytics.exe	83
PID 2748 wrote to memory of 5112	2748	3ed6c67fb12660362b988800358401f0_NeikiAnalytics.exe	83
PID 5112 wrote to memory of 4088	5112	cmd.exe	84
PID 5112 wrote to memory of 4088	5112	cmd.exe	84
PID 5112 wrote to memory of 4088	5112	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\3ed6c67fb12660362b988800358401f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3ed6c67fb12660362b988800358401f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5112
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4088

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2de54b9271c5e1561d0df1db7de69476

SHA1
731673de13c0dfacdf73c3ba5996e5f2d14213ac

SHA256
8660fc14a30597ed05c38ba74e93e179a0fa6ebbc9cff8a89887942c23ec6dc1

SHA512
af13f4fcbf24dac0adc84cac90eaf37f725e7c9c9c4520bc915cce8951116380ffabad6675b010b19cbc45ab82c0204582619a74902f567936e5e851a3ac6bef

Download Submit
memory/2748-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4088-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download