3507ef89ed397ca13f63c17dbcc77564dd9ded37d5964cb8e94a3fde5b7f86d3

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 03:16

Target

35554c384ad5d5af228b849dc94ba4b0_NeikiAnalytics.exe
Size

79KB
MD5

35554c384ad5d5af228b849dc94ba4b0
SHA1

947adc0864cd72589c9624e2e81a03fe2bf1cf22
SHA256

3507ef89ed397ca13f63c17dbcc77564dd9ded37d5964cb8e94a3fde5b7f86d3
SHA512

d33214dea0c7e77dec12fb1e9cd29e13535e8bb04bbc739c74e0638d8f8bddd9001479025d9f191b630bbff2bf7e91f94c5b1261609acdc2993af62ee2bdd1e0
SSDEEP

1536:zvO/iWQN7sVqtRZuuOQA8AkqUhMb2nuy5wgIP0CSJ+5yCB8GMGlZ5G:zvO6LP7Z+GdqU7uy5w9WMyCN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3348	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 700	4088	35554c384ad5d5af228b849dc94ba4b0_NeikiAnalytics.exe	85
PID 4088 wrote to memory of 700	4088	35554c384ad5d5af228b849dc94ba4b0_NeikiAnalytics.exe	85
PID 4088 wrote to memory of 700	4088	35554c384ad5d5af228b849dc94ba4b0_NeikiAnalytics.exe	85
PID 700 wrote to memory of 3348	700	cmd.exe	86
PID 700 wrote to memory of 3348	700	cmd.exe	86
PID 700 wrote to memory of 3348	700	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\35554c384ad5d5af228b849dc94ba4b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\35554c384ad5d5af228b849dc94ba4b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:700
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3348

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
0e5ee8b0604d3e46912eabbd6ab62b36

SHA1
56a41e6d0ba8da5c243b84047866400b62664a0e

SHA256
af39fee639ad96fabda9637cc5d0c254ce8463c9ebf9e8f396982ba0c1315838

SHA512
8cbe0825cddca140bbc11c95c6c14d8b3ec20e1bbefade28ae67f6bfec79914b465735317822956edaaff0e3e0ee01b4fe61d76abc04619b98e4ed9e4d2aca7f

Download Submit
memory/3348-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4088-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download