9a0207baed4a9918c107807b9ed753f38c208da529acb3f765ef973fc3725a0d

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 07:25

Target

4a850b070781f1995526987991857530_NeikiAnalytics.exe
Size

79KB
MD5

4a850b070781f1995526987991857530
SHA1

464b2ce86df81510f585b5c9040218984b58210d
SHA256

9a0207baed4a9918c107807b9ed753f38c208da529acb3f765ef973fc3725a0d
SHA512

224cd825bfb27c9bdaf70a3c799e0b7712356332d1667ecb84ce5fa59a7af0a92edc06df7853642fb69c90337ccb046169cdf00120733cf91947bd1d849c64ad
SSDEEP

1536:zvJhQ75mZBMZsOQA8AkqUhMb2nuy5wgIP0CSJ+5yQB8GMGlZ5G:zvcc4DGdqU7uy5w9WMyQN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4892	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 4572	5060	4a850b070781f1995526987991857530_NeikiAnalytics.exe	84
PID 5060 wrote to memory of 4572	5060	4a850b070781f1995526987991857530_NeikiAnalytics.exe	84
PID 5060 wrote to memory of 4572	5060	4a850b070781f1995526987991857530_NeikiAnalytics.exe	84
PID 4572 wrote to memory of 4892	4572	cmd.exe	85
PID 4572 wrote to memory of 4892	4572	cmd.exe	85
PID 4572 wrote to memory of 4892	4572	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\4a850b070781f1995526987991857530_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4a850b070781f1995526987991857530_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4572
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4892

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7da42ca102cb06be9b8e756adcc758b6

SHA1
15bcecace804f872f6f622af5753159bada575fb

SHA256
c2a44478d4b7adf8a5c792c91897018926ee344830cd4619946d023e5e124bd9

SHA512
8d06a1fad3c954603c5b8450ce3f0459e56a6e3caa9c3dd22279a3307dc9df33fbe6eaf1a1bd97899730715fcf71ae9f7882fd9c696ac799e5111b2fbfb014c0

Download Submit
memory/4892-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5060-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download