ad374900ade870c686e8fae157eeb2468628d10f8ae3c5e455226f66c0f9a819

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 10:34

Target

516e7ea56a1ea2d66b5bf6e507c9ae00_NeikiAnalytics.exe
Size

79KB
MD5

516e7ea56a1ea2d66b5bf6e507c9ae00
SHA1

5b31da2f43b8f1b2cf2d1a9528b0afdbb315509c
SHA256

ad374900ade870c686e8fae157eeb2468628d10f8ae3c5e455226f66c0f9a819
SHA512

7ca634bebe372868f4d0c280c5020ae4ea0f867c85bbac736caba1f8a4a0e28e8bbfd4b6d08a522910091cebb903f11bc9911ae2ea84d22c9017e132a99a1c21
SSDEEP

1536:zvcb2flkIfGPGOQA8AkqUhMb2nuy5wgIP0CSJ+5yIB8GMGlZ5G:zvckkI2DGdqU7uy5w9WMyIN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4732	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 6020 wrote to memory of 1232	6020	516e7ea56a1ea2d66b5bf6e507c9ae00_NeikiAnalytics.exe	82
PID 6020 wrote to memory of 1232	6020	516e7ea56a1ea2d66b5bf6e507c9ae00_NeikiAnalytics.exe	82
PID 6020 wrote to memory of 1232	6020	516e7ea56a1ea2d66b5bf6e507c9ae00_NeikiAnalytics.exe	82
PID 1232 wrote to memory of 4732	1232	cmd.exe	83
PID 1232 wrote to memory of 4732	1232	cmd.exe	83
PID 1232 wrote to memory of 4732	1232	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\516e7ea56a1ea2d66b5bf6e507c9ae00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\516e7ea56a1ea2d66b5bf6e507c9ae00_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:6020
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1232
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4732

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f99db79c3e588bde8af82d97be6a4a03

SHA1
f0a0b1b9ba2e795f36dbc38c12f7a34af6843e5c

SHA256
3b086d6a4f8e6cf9d3defbd4c7d748c1585fec3ddf5597b805bbacf5f400f04a

SHA512
de36d7cf0b4562f4eb3347fb6ad78001c14bcf0e629f8f23ec6558d75abc8702371ea7941effc5d558da066280232a257db68fd059c1ff8f308490bad4327cab

Download Submit
memory/4732-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/6020-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download