223e5a5e2017736c7e86b4a6b49c459905b3cadf9929081157c9c122ac361b1b

Analysis

max time kernel
92s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 22:11

Target

6a5dccf380c1184ea0b92049ceaac3f0_NeikiAnalytics.exe
Size

79KB
MD5

6a5dccf380c1184ea0b92049ceaac3f0
SHA1

fd9b0b2120ca02cfb22a05a172ada82c65b12b49
SHA256

223e5a5e2017736c7e86b4a6b49c459905b3cadf9929081157c9c122ac361b1b
SHA512

fe90c022d7597fb857420744bfbe16be3cd80ca1cfcb671e32052370729459a48f8c8745849794f70ce4fa219da5da6e1950c91d49e703775f46577140f63ba9
SSDEEP

1536:zvIqTisupYrVjLZhkpkxOQA8AkqUhMb2nuy5wgIP0CSJ+5ybB8GMGlZ5G:zvIqJxLnsGdqU7uy5w9WMybN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2692	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 1436	4888	6a5dccf380c1184ea0b92049ceaac3f0_NeikiAnalytics.exe	82
PID 4888 wrote to memory of 1436	4888	6a5dccf380c1184ea0b92049ceaac3f0_NeikiAnalytics.exe	82
PID 4888 wrote to memory of 1436	4888	6a5dccf380c1184ea0b92049ceaac3f0_NeikiAnalytics.exe	82
PID 1436 wrote to memory of 2692	1436	cmd.exe	83
PID 1436 wrote to memory of 2692	1436	cmd.exe	83
PID 1436 wrote to memory of 2692	1436	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\6a5dccf380c1184ea0b92049ceaac3f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6a5dccf380c1184ea0b92049ceaac3f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1436
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2692

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2613981688f33df642290b4988a16e94

SHA1
f5b20c4f606a8defc5a18207a68bb97132165add

SHA256
806c8c12d1ef15c56277a1744c5496f29da76f8696eb4a312ac22446cef1e647

SHA512
b6eeda492d4f1efa561c5894cc6e46fb4648e18f20ffb49ac292c94168ca3c60ea51dd8d98ceabd7c7db24026248fd36da4b16b021d4fd5d2232ea26f669471d

Download Submit
memory/2692-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4888-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download