94ebe1fc84c731163c58a333529acad4d1b903c2d2a8c443d7ae516ce1f08958

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 11:01

Target

407e0f9610e3d44060ba5bade592a7f0_NeikiAnalytics.exe
Size

79KB
MD5

407e0f9610e3d44060ba5bade592a7f0
SHA1

389b9445abae522d5d61af08dc19b9986de07b29
SHA256

94ebe1fc84c731163c58a333529acad4d1b903c2d2a8c443d7ae516ce1f08958
SHA512

9bf83f97302b03126623122182d47152c72422d70eecdb4df0807f257f00e8ecd872fbe989c424fd8b7133a5ae8e89b93f9ce3915ba7f07285e6252eb107d96b
SSDEEP

1536:zvv/UY9AxlNIniBKOQA8AkqUhMb2nuy5wgIP0CSJ+5y0B8GMGlZ5G:zv3UG0l6niBGdqU7uy5w9WMy0N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4304	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 3704	1656	407e0f9610e3d44060ba5bade592a7f0_NeikiAnalytics.exe	82
PID 1656 wrote to memory of 3704	1656	407e0f9610e3d44060ba5bade592a7f0_NeikiAnalytics.exe	82
PID 1656 wrote to memory of 3704	1656	407e0f9610e3d44060ba5bade592a7f0_NeikiAnalytics.exe	82
PID 3704 wrote to memory of 4304	3704	cmd.exe	83
PID 3704 wrote to memory of 4304	3704	cmd.exe	83
PID 3704 wrote to memory of 4304	3704	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\407e0f9610e3d44060ba5bade592a7f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\407e0f9610e3d44060ba5bade592a7f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3704
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4304

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
109d1b6237a46000d1b32019a1d7ef47

SHA1
02ca689ba3d938be5ec8e93d0b7cc01a311d6d42

SHA256
c15d626f34455230d0de2a5854f750a91a46e572ab515431c76ca97024220036

SHA512
778a052bc2ba7053b0d32a4b1776d48a1ea04f193a6e6c2a4e62ecbf2848f4a0765b9fcad1b786889bdf2f76b6208a7eab80fb6f139e0b5eaa1c5dc7179895ea

Download Submit
memory/1656-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4304-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download