e58892b99ecd460f222f2490d1cc1612dd825e4a0deb79414fc066ee40b6da27

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 00:08

Target

1c7c8c7194ef98cf96de41740e006390_NeikiAnalytics.exe
Size

79KB
MD5

1c7c8c7194ef98cf96de41740e006390
SHA1

30298fd0cd89ea79acc23cd90e3b7210eebe6100
SHA256

e58892b99ecd460f222f2490d1cc1612dd825e4a0deb79414fc066ee40b6da27
SHA512

5f984a3bfa0cb4b13724f8efc6ca7f6d2cf84383bc879973ff0765ed21294d55838f4c3dbe8232cfdabd1814483003682c50260ea9d6aa5f6a24fa5c7433881b
SSDEEP

1536:zvESC2WTJJIMqKoOQA8AkqUhMb2nuy5wgIP0CSJ+5yCB8GMGlZ5G:zvE0WTJJ0KtGdqU7uy5w9WMyCN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2600	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 3064	1388	1c7c8c7194ef98cf96de41740e006390_NeikiAnalytics.exe	83
PID 1388 wrote to memory of 3064	1388	1c7c8c7194ef98cf96de41740e006390_NeikiAnalytics.exe	83
PID 1388 wrote to memory of 3064	1388	1c7c8c7194ef98cf96de41740e006390_NeikiAnalytics.exe	83
PID 3064 wrote to memory of 2600	3064	cmd.exe	84
PID 3064 wrote to memory of 2600	3064	cmd.exe	84
PID 3064 wrote to memory of 2600	3064	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\1c7c8c7194ef98cf96de41740e006390_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1c7c8c7194ef98cf96de41740e006390_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3064
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2600

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4db5a1a350f6faffc457fdcf4335e316

SHA1
157ec3ab4f8af43590137e075fe7e4d2706e0505

SHA256
2fc2317256b81aec6aeb447c5229005832dc64e2a5eec225d90156c89ad7303e

SHA512
90311270c49cdda553a59e8af93f030a55fd33b54d3b61561ab6049fe3db9a910636d0698faab422b5455c489b1c77c9e3cfd4e35766566f3053a6b036deeb32

Download Submit
memory/1388-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2600-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download