66fbc6175bfa16847e1307c8613f265941ee3ebde85a61a8b6bc139e47660260

Analysis

max time kernel
131s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 21:51

Target

69b83dd07c4520dd94a6b2709e803fb0_NeikiAnalytics.exe
Size

79KB
MD5

69b83dd07c4520dd94a6b2709e803fb0
SHA1

406f4c0fc07348e88107fced234f86be1e917c68
SHA256

66fbc6175bfa16847e1307c8613f265941ee3ebde85a61a8b6bc139e47660260
SHA512

d823b5322039769e8812e049ce64310da529165ac69d3972ad0be9926226aabef1df7ece675e0ca4bb45d507932bf7637ee6b31c4ccbf3e386f67a6ff2f1acb8
SSDEEP

1536:zvoO0/7E2BzTQTFOQA8AkqUhMb2nuy5wgIP0CSJ+5yvB8GMGlZ5G:zvL0/Y2lTQTcGdqU7uy5w9WMyvN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1824	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 3008	1488	69b83dd07c4520dd94a6b2709e803fb0_NeikiAnalytics.exe	83
PID 1488 wrote to memory of 3008	1488	69b83dd07c4520dd94a6b2709e803fb0_NeikiAnalytics.exe	83
PID 1488 wrote to memory of 3008	1488	69b83dd07c4520dd94a6b2709e803fb0_NeikiAnalytics.exe	83
PID 3008 wrote to memory of 1824	3008	cmd.exe	84
PID 3008 wrote to memory of 1824	3008	cmd.exe	84
PID 3008 wrote to memory of 1824	3008	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\69b83dd07c4520dd94a6b2709e803fb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\69b83dd07c4520dd94a6b2709e803fb0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1824

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3acf8e25847167b9887228341f562e24

SHA1
a8547003d445e5eccac24911ee422db33305c943

SHA256
215cafb881b5e2b6a41e4828d2466881e3d9b9cf61dd3292ca2c5eed51554e22

SHA512
14415c34020c3923168467c9517794e8433ae6e2c925db9a481a452ae01eae132a7e34934e665fb497d90268a948cd4b5a6757cc8276131c73cb26167767e5cb

Download Submit
memory/1488-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1824-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download