7472139a89fb6fab2ad6d4bbf9d25af652e3c1cdd8e0627304fb026a4e628a03

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 09:29

Target

4f37507ad88a14c17dc187f516d21150_NeikiAnalytics.exe
Size

79KB
MD5

4f37507ad88a14c17dc187f516d21150
SHA1

8878f8af973e24d7d453493b09b6835e32b802a6
SHA256

7472139a89fb6fab2ad6d4bbf9d25af652e3c1cdd8e0627304fb026a4e628a03
SHA512

5ee7b829592accb9379f930b3c7cfd81b3ea131f6347ea8fc63e8201d16c13bb27a70171abb67dce9f498f382d7c584a8cb8bced1fe96d29f3192e753e22b533
SSDEEP

1536:zvqQ9sLaF5OtNJWiMOQA8AkqUhMb2nuy5wgIP0CSJ+5yNB8GMGlZ5G:zvgLIkPJWi5GdqU7uy5w9WMyNN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3244	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 3084	1336	4f37507ad88a14c17dc187f516d21150_NeikiAnalytics.exe	82
PID 1336 wrote to memory of 3084	1336	4f37507ad88a14c17dc187f516d21150_NeikiAnalytics.exe	82
PID 1336 wrote to memory of 3084	1336	4f37507ad88a14c17dc187f516d21150_NeikiAnalytics.exe	82
PID 3084 wrote to memory of 3244	3084	cmd.exe	83
PID 3084 wrote to memory of 3244	3084	cmd.exe	83
PID 3084 wrote to memory of 3244	3084	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\4f37507ad88a14c17dc187f516d21150_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4f37507ad88a14c17dc187f516d21150_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3084
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3244

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e887de233b5f61f863cc0dd8c1ba8e82

SHA1
6614c67932106ff0fbb1c4053241ce720c73c671

SHA256
a4639b65438c807539829e37c97441bd4fdf95cd07baf2a283a998b1888c45ca

SHA512
798a1797600687ab5dd15d1095706c99ad715d93506b3de3658578262a687765f47bcdc29a479203bc7961313d7adfbf3b3f69f1b8a3968874daaee5e4d1db57

Download Submit
memory/1336-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3244-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download