8b0928969a4878737490de1be4646d50f0d9dfaf6155191c7b3873c25b4010e7

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 22:51

Target

6baae98c7b95fe8bdc71ebcc4c684840_NeikiAnalytics.exe
Size

79KB
MD5

6baae98c7b95fe8bdc71ebcc4c684840
SHA1

4a7ee85adee7fee092e9fef07676a29126cbe9bf
SHA256

8b0928969a4878737490de1be4646d50f0d9dfaf6155191c7b3873c25b4010e7
SHA512

0537446ab00337cb0faab4c5c4ad38bc5f2ef150cd3f356aa209a07234d6033a9c9dab78a25b0ec25121deb56a2e99352dd0d0759b3055907f985b300eded349
SSDEEP

1536:zvBECeRKH0pLb1cjOQA8AkqUhMb2nuy5wgIP0CSJ+5ymBB8GMGlZ5G:zvBECe9PGdqU7uy5w9WMymBN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2956	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 1444	4212	6baae98c7b95fe8bdc71ebcc4c684840_NeikiAnalytics.exe	82
PID 4212 wrote to memory of 1444	4212	6baae98c7b95fe8bdc71ebcc4c684840_NeikiAnalytics.exe	82
PID 4212 wrote to memory of 1444	4212	6baae98c7b95fe8bdc71ebcc4c684840_NeikiAnalytics.exe	82
PID 1444 wrote to memory of 2956	1444	cmd.exe	83
PID 1444 wrote to memory of 2956	1444	cmd.exe	83
PID 1444 wrote to memory of 2956	1444	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\6baae98c7b95fe8bdc71ebcc4c684840_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6baae98c7b95fe8bdc71ebcc4c684840_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1444
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2956

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7f024fc65e0b26250e933844f0eb4adb

SHA1
423462d4baa18bb5bee6a4baf400d1aaaf753bc0

SHA256
b03623469b7d6a65c9ffdfc9c59ccb3b05eb1c37d5212aa1408699ccc13c5f8b

SHA512
163115cd462b63f04c239b974bf0acf72bbd15a88a33da8d9701ad104a98f0e26a9ddab8e22761cc8aaee05c9656e90d6aaf6e1b71661bc4d0b7a21265761d4a

Download Submit
memory/2956-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4212-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download