ed0f968e8e9ea0cda5a8fb6ad9dc406368715d0e09eea4f0d0316f598e6980ef

Analysis

max time kernel
134s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 10:19

Target

50e9cff727eb6c88762240e284ded9d0_NeikiAnalytics.exe
Size

79KB
MD5

50e9cff727eb6c88762240e284ded9d0
SHA1

4bc1b106d21a18e96d12019201561599318853e9
SHA256

ed0f968e8e9ea0cda5a8fb6ad9dc406368715d0e09eea4f0d0316f598e6980ef
SHA512

af4b6d70bc0ff15d7c35ce0aed1ee572a921989fafcafc62dc6c322bdd8c16151adf4fdcae96fd65a9a6ce2b092e88a5c6084739627d6ede154b2512082cfffc
SSDEEP

1536:zvO/iWQN7sVqtRZuuOQA8AkqUhMb2nuy5wgIP0CSJ+5yrB8GMGlZ5G:zvO6LP7Z+GdqU7uy5w9WMyrN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3068	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 3120	1428	50e9cff727eb6c88762240e284ded9d0_NeikiAnalytics.exe	84
PID 1428 wrote to memory of 3120	1428	50e9cff727eb6c88762240e284ded9d0_NeikiAnalytics.exe	84
PID 1428 wrote to memory of 3120	1428	50e9cff727eb6c88762240e284ded9d0_NeikiAnalytics.exe	84
PID 3120 wrote to memory of 3068	3120	cmd.exe	85
PID 3120 wrote to memory of 3068	3120	cmd.exe	85
PID 3120 wrote to memory of 3068	3120	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\50e9cff727eb6c88762240e284ded9d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\50e9cff727eb6c88762240e284ded9d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3120
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3068

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d38ab3419635245332cbf557de6869c5

SHA1
1b50ca4b637595d6015551eaf2bb73c892b7341a

SHA256
2513e0d82aff3a20c753fb5867cd6049bb290187b04ac1a2192068db68d37b32

SHA512
c4ee918203e8d75f90b711bce0bbf31536bce6f2c4cac972ba61ee531e173e0d4106b49cbade91374405e72eac6917d7b4e2689dafeb25163c4d2fd18d99c7c9

Download Submit
memory/1428-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3068-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download