dc552059c65b2c078a0419f77e8da95d3dd215a5e7fd817412dd66bdbca11f47

Analysis

max time kernel
134s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 21:49

Target

5705557afa2d5f9639bf1b755b4c3dc0_NeikiAnalytics.exe
Size

79KB
MD5

5705557afa2d5f9639bf1b755b4c3dc0
SHA1

f13b81064a9507debaba7a79cc32c47cd50ab096
SHA256

dc552059c65b2c078a0419f77e8da95d3dd215a5e7fd817412dd66bdbca11f47
SHA512

e6aabdc3e5b2072668a4c085c800e269de48edcadeabce329c0b1493a580afac7ac50daeaa70396c75f40e95b3ea41f3d42319c4007d90fc7cfb09cc84f54e9d
SSDEEP

1536:zv6fdjP2uMHZAOQA8AkqUhMb2nuy5wgIP0CSJ+5yZB8GMGlZ5G:zv652PjGdqU7uy5w9WMyZN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4828	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 1200	4920	5705557afa2d5f9639bf1b755b4c3dc0_NeikiAnalytics.exe	85
PID 4920 wrote to memory of 1200	4920	5705557afa2d5f9639bf1b755b4c3dc0_NeikiAnalytics.exe	85
PID 4920 wrote to memory of 1200	4920	5705557afa2d5f9639bf1b755b4c3dc0_NeikiAnalytics.exe	85
PID 1200 wrote to memory of 4828	1200	cmd.exe	86
PID 1200 wrote to memory of 4828	1200	cmd.exe	86
PID 1200 wrote to memory of 4828	1200	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\5705557afa2d5f9639bf1b755b4c3dc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5705557afa2d5f9639bf1b755b4c3dc0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1200
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4828

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
655c38d62e12bfd8a6f4be56064824af

SHA1
e929e724b32fb73a7091a95588b5ea5d5c193aa8

SHA256
df869509c741f0ba29dc8f43bdfeb9d12641361066af46a1dd9f1a8b640828bb

SHA512
6a6d4937424def2512889c15bc14745db8fd49b0c827bea38d99df958b10bef064e9cf40558339a72dc10d482392bc343ec2ac7d28217176ccc45c4f07c8a91f

Download Submit
memory/4828-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4920-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download