ea8456f04168c16f311736f54e1446e96d0bf707b3e433e1c9e5492defe50c95

Analysis

max time kernel
93s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 08:16

Target

4c702da8afa2197fced6a1e050951d40_NeikiAnalytics.exe
Size

79KB
MD5

4c702da8afa2197fced6a1e050951d40
SHA1

fe4408a046bea8714238bf64cb0fecc84eb3d6f4
SHA256

ea8456f04168c16f311736f54e1446e96d0bf707b3e433e1c9e5492defe50c95
SHA512

a6db81e4610bf0f609368942e523ff7234a94f167c681b46a7b918f42fcf8d1720ed45d9b0781bf9cd2d4b1d05d2ad3f2f339afad0b2a820015582742b2954c1
SSDEEP

1536:zvJhQ75mZBMZsOQA8AkqUhMb2nuy5wgIP0CSJ+5yFB8GMGlZ5G:zvcc4DGdqU7uy5w9WMyFN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
340	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 1196	4408	4c702da8afa2197fced6a1e050951d40_NeikiAnalytics.exe	83
PID 4408 wrote to memory of 1196	4408	4c702da8afa2197fced6a1e050951d40_NeikiAnalytics.exe	83
PID 4408 wrote to memory of 1196	4408	4c702da8afa2197fced6a1e050951d40_NeikiAnalytics.exe	83
PID 1196 wrote to memory of 340	1196	cmd.exe	84
PID 1196 wrote to memory of 340	1196	cmd.exe	84
PID 1196 wrote to memory of 340	1196	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\4c702da8afa2197fced6a1e050951d40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4c702da8afa2197fced6a1e050951d40_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1196
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:340

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
77faa1fd236be4a7478969837ae517a8

SHA1
c47d93ce4e58f776684361cdcf3b4da53e91ab9e

SHA256
4dd2ec02bb14819ece42977b3fc2684718f29644b41cf6c8470b15de295a4f45

SHA512
5944818120b868c742d843c860fdf437a23ab4653987dba380be62fbfcab7ac123c2d010652956482a4feb370aa23b2d468261eb086789679c7de5a69c12e0de

Download Submit
memory/340-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4408-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download