7ef05dcea3a86aa40f14678fe3389d8bece50a385d2a18028599a03de4905c2c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 08:35

Target

4d2739714ff283767c979dfdc0abaa00_NeikiAnalytics.exe
Size

79KB
MD5

4d2739714ff283767c979dfdc0abaa00
SHA1

e01955e4f7a65d96bccee0b043b76a815905278c
SHA256

7ef05dcea3a86aa40f14678fe3389d8bece50a385d2a18028599a03de4905c2c
SHA512

bdad3091f5eef46ce44668c194f2291e51c3d9037a067cd8e8bfc9883fc3fd8e515a44f98340cba3e102895a98ff355858d5922884df85b513905279b74607e6
SSDEEP

1536:zveCNhYfGI1hzeX5kW6OQA8AkqUhMb2nuy5wgIP0CSJ+5yAB8GMGlZ5G:zvbhZIjeRPGdqU7uy5w9WMyAN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4892	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 996	2744	4d2739714ff283767c979dfdc0abaa00_NeikiAnalytics.exe	83
PID 2744 wrote to memory of 996	2744	4d2739714ff283767c979dfdc0abaa00_NeikiAnalytics.exe	83
PID 2744 wrote to memory of 996	2744	4d2739714ff283767c979dfdc0abaa00_NeikiAnalytics.exe	83
PID 996 wrote to memory of 4892	996	cmd.exe	84
PID 996 wrote to memory of 4892	996	cmd.exe	84
PID 996 wrote to memory of 4892	996	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\4d2739714ff283767c979dfdc0abaa00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4d2739714ff283767c979dfdc0abaa00_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:996
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4892

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
b0c8bae7ec995ca8756aa80d8b97bdf7

SHA1
fe869be641a69418be80bb5e148182b078ffc35e

SHA256
cd08a246e1e20fc68574c37cc9e1c56cf77cc15bb5da8fc9830e7beba8b80f6b

SHA512
d311f4195117b7dbcd07694a1a1928a8d758d16618a1f338aa1625706c7fef64bccf6b13ce8367217624a79c70f7cc5383786d4e9b457a1f9a017d9b434340dd

Download Submit
memory/2744-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4892-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download