c9daf946618d5b92194d2590d70a25ee34e8c50b1c06e9f4c9d28166098bcf5e

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 03:55

Target

3a4635d9e35fc62418450ee4864c32a0_NeikiAnalytics.exe
Size

79KB
MD5

3a4635d9e35fc62418450ee4864c32a0
SHA1

99fc58ef1e29983c27ccdd93b357423898fc72d7
SHA256

c9daf946618d5b92194d2590d70a25ee34e8c50b1c06e9f4c9d28166098bcf5e
SHA512

fd35c4247abbcde4f6ba7f462a9a9ab3f31a17420a87693accff167682b4921d71b5d618913e45d9e3a8e6ab1369e7e2547ad8f7552e6cccf2e377011dbb1a0c
SSDEEP

1536:zvVcDK/QKq9rOQA8AkqUhMb2nuy5wgIP0CSJ+5yPB8GMGlZ5G:zvVMLdsGdqU7uy5w9WMyPN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1936	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 2304	3404	3a4635d9e35fc62418450ee4864c32a0_NeikiAnalytics.exe	84
PID 3404 wrote to memory of 2304	3404	3a4635d9e35fc62418450ee4864c32a0_NeikiAnalytics.exe	84
PID 3404 wrote to memory of 2304	3404	3a4635d9e35fc62418450ee4864c32a0_NeikiAnalytics.exe	84
PID 2304 wrote to memory of 1936	2304	cmd.exe	85
PID 2304 wrote to memory of 1936	2304	cmd.exe	85
PID 2304 wrote to memory of 1936	2304	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\3a4635d9e35fc62418450ee4864c32a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3a4635d9e35fc62418450ee4864c32a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1936

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ca3485db88af25d351860ca308e701ea

SHA1
973740b878bdd61b6cc16d2773796f68c18f68ef

SHA256
33015f8bd7e7c13c7158abe7e61ffaf4605e3bbac57fde3b67ad09d76b676d31

SHA512
fe1c60513c3365f5064909d772aea60c4e652969a888f06aed400bc691f82dd79a46aec4b35f54dd74e01110ae0c08ca04d51acfa92145d66667c31c31e5334d

Download Submit
memory/1936-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3404-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download