ae8095b0db26e11d9b7d7956d2aadcac94ab925fb8ceb02400532cc6710079e3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 01:47

Target

29b7015aaa46a20ddd293cf2d0df8730_NeikiAnalytics.exe
Size

79KB
MD5

29b7015aaa46a20ddd293cf2d0df8730
SHA1

7979ea6bb140f12c1227ffb5a0cfaea367efaf2c
SHA256

ae8095b0db26e11d9b7d7956d2aadcac94ab925fb8ceb02400532cc6710079e3
SHA512

08a9b971c1d392b5c539bc7aca94d0416af4ce5e33be8fe7ae443fd7d57b6ffcaa5e0618273ca4a5f95148beb4c18a2ba3cd33dd4beda0dc12660de51906c0c3
SSDEEP

1536:zvnkjhiUanSOQA8AkqUhMb2nuy5wgIP0CSJ+5yPB8GMGlZ5G:zvnZbXGdqU7uy5w9WMyPN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3364	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 4204	3960	29b7015aaa46a20ddd293cf2d0df8730_NeikiAnalytics.exe	84
PID 3960 wrote to memory of 4204	3960	29b7015aaa46a20ddd293cf2d0df8730_NeikiAnalytics.exe	84
PID 3960 wrote to memory of 4204	3960	29b7015aaa46a20ddd293cf2d0df8730_NeikiAnalytics.exe	84
PID 4204 wrote to memory of 3364	4204	cmd.exe	85
PID 4204 wrote to memory of 3364	4204	cmd.exe	85
PID 4204 wrote to memory of 3364	4204	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\29b7015aaa46a20ddd293cf2d0df8730_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\29b7015aaa46a20ddd293cf2d0df8730_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4204
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3364

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
63c2ced59d43d6241c09a63a2ec601e7

SHA1
9f9ceca5ca6e0cae91d12cf9039ad21d88e228e4

SHA256
ed94e079e2a4d102e99c56f1537ce675941777a4bc4cdf1acf9e207398a7e59d

SHA512
ba5f677365ed26a1efbe7981cebd9eb3a7295001d51feda3893cbc614c5eab7d8aa86dd197367e3bd226d0db55d1c9b37b17cad3aaa11ed8ec0d70f2bade1f6a

Download Submit
memory/3364-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3960-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download