f0f462f1091dbc42f766d7d5082f1a242071209bfaa95ee25e68741623232f62

Analysis

max time kernel
93s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 09:26

Target

3d44f75f8bf585200e622cd08be3bdf0_NeikiAnalytics.exe
Size

79KB
MD5

3d44f75f8bf585200e622cd08be3bdf0
SHA1

f1da182b04279f615aeb9d8210e1368c69c72694
SHA256

f0f462f1091dbc42f766d7d5082f1a242071209bfaa95ee25e68741623232f62
SHA512

578e6dcbd120b6b2dcba2c8b3431ee3f58d60329026c34f23addcea73fdd0476acd4025e5d12e1775e9518d52f8826fff85090e99f19db11da2c889befcb8b81
SSDEEP

1536:zvVAjzg5K8d2og1CMR2OQA8AkqUhMb2nuy5wgIP0CSJ+5yOB8GMGlZ5G:zvAsE801CMNGdqU7uy5w9WMyON5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3604	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 3024	2176	3d44f75f8bf585200e622cd08be3bdf0_NeikiAnalytics.exe	85
PID 2176 wrote to memory of 3024	2176	3d44f75f8bf585200e622cd08be3bdf0_NeikiAnalytics.exe	85
PID 2176 wrote to memory of 3024	2176	3d44f75f8bf585200e622cd08be3bdf0_NeikiAnalytics.exe	85
PID 3024 wrote to memory of 3604	3024	cmd.exe	86
PID 3024 wrote to memory of 3604	3024	cmd.exe	86
PID 3024 wrote to memory of 3604	3024	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\3d44f75f8bf585200e622cd08be3bdf0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3d44f75f8bf585200e622cd08be3bdf0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3604

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
0d43dabcb36743cc6f25466ef04307f5

SHA1
0bedb1c28bbeef9bbad358a6957aadce8ebe213b

SHA256
d8a05318e4c435cc6a61f81904133506b4371fb21d678fe118280dca6579cd13

SHA512
81447e47d86e8cbe89465886cfd88bfb4ac81f72357a01829cc41d37339a0c56ea12ce3d4c80d1c19a3804010537c8f2c4ecfb11f48ce84a060c9eeb37f885a5

Download Submit
memory/2176-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3604-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download