1187b20e9eaead243a92dae1c48b9cfcbd3d18f12f8046a2b2f96db515e9220c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 04:19

Target

3d598de223d22faad0c6f04834d50ab0_NeikiAnalytics.exe
Size

79KB
MD5

3d598de223d22faad0c6f04834d50ab0
SHA1

9e7843b96e531f78bcdc84acb912734416b30405
SHA256

1187b20e9eaead243a92dae1c48b9cfcbd3d18f12f8046a2b2f96db515e9220c
SHA512

cb403dfebd10c6e672d226c6bdcad06e340fdccdf5c142af84f5479694ddd0a726e265f1e752989239db0687e713f7c94a5b21223e24b380ef3b9c87952dce45
SSDEEP

1536:zvpoooXM5F0qfhj2ipNOQA8AkqUhMb2nuy5wgIP0CSJ+5yEB8GMGlZ5G:zvpoooE062VGdqU7uy5w9WMyEN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3228	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2624	2012	3d598de223d22faad0c6f04834d50ab0_NeikiAnalytics.exe	82
PID 2012 wrote to memory of 2624	2012	3d598de223d22faad0c6f04834d50ab0_NeikiAnalytics.exe	82
PID 2012 wrote to memory of 2624	2012	3d598de223d22faad0c6f04834d50ab0_NeikiAnalytics.exe	82
PID 2624 wrote to memory of 3228	2624	cmd.exe	83
PID 2624 wrote to memory of 3228	2624	cmd.exe	83
PID 2624 wrote to memory of 3228	2624	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\3d598de223d22faad0c6f04834d50ab0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3d598de223d22faad0c6f04834d50ab0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3228

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2699fc0d86af9d4176e51bae2659597f

SHA1
c5989a3f76d609576c41900426d975686a7a01be

SHA256
58f4783e62d4e55458ab271a970044490c13c44f9bd39860daf2bc0d550ba94f

SHA512
7bd857be815e01a70c42f122df505b604de8981004818834897a935f15a3b9d469c3debe849424465e7aa5bbf36d5a4d294ac9c097a890de770479000e1b149b

Download Submit
memory/2012-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3228-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download