763d74359e0dd05b106d68b9cc0293b9960443233b0f0345c01e36030b6209c1

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 10:42

Target

51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe
Size

73KB
MD5

51b0d1009a9af362052c2b7f808f6fa0
SHA1

0d15e864daeb5d81b770c2474f880d50ce700ce7
SHA256

763d74359e0dd05b106d68b9cc0293b9960443233b0f0345c01e36030b6209c1
SHA512

b6c78e92bf5275f74e196f460b8818467c608c23e4d69d2ceef470ee5a0f2d6c03be2e28982738015e65c9f17db04b9fac24987378268acef1f04466277f1275
SSDEEP

1536:hbLvRJ+Q0re1apK5QPqfhVWbdsmA+RjPFLC+e5hkD0ZGUGf2g:hnPHCNPqfcxA+HFshqOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2348	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3432 wrote to memory of 4984	3432	51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe	83
PID 3432 wrote to memory of 4984	3432	51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe	83
PID 3432 wrote to memory of 4984	3432	51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe	83
PID 4984 wrote to memory of 2348	4984	cmd.exe	84
PID 4984 wrote to memory of 2348	4984	cmd.exe	84
PID 4984 wrote to memory of 2348	4984	cmd.exe	84
PID 2348 wrote to memory of 3696	2348	[email protected]	85
PID 2348 wrote to memory of 3696	2348	[email protected]	85
PID 2348 wrote to memory of 3696	2348	[email protected]	85

C:\Users\Admin\AppData\Local\Temp\51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3432
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4984
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2348
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:3696

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
645b127a723b0b6b9942068639712120

SHA1
7a869ffcc272952acbd1425413b113d3dd917ba1

SHA256
e391f7580141f5cc30b73cd28658733cef9aebfda9a51b6f4acebe8ef0ed2c5c

SHA512
0d03b82222c1e2c6d19eeca89ad38cdc4b2acbfa4117d30766ade3c1792d1d79ddbcb8e3c6137c8207acc603457b3f1d1f0eea7dbf3c49868e9f46bd66ccf385

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/2348-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3432-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download