5953b35def7fcd3612188646885002b39a5898aba3c678a5a005cd9c81a0e81e

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 04:32

Target

64af3d2a53a7a75cae2e8bd78759b6a0_NeikiAnalytics.exe
Size

79KB
MD5

64af3d2a53a7a75cae2e8bd78759b6a0
SHA1

16cc794a137f696d3f6bed544981f906cf8784b5
SHA256

5953b35def7fcd3612188646885002b39a5898aba3c678a5a005cd9c81a0e81e
SHA512

a66246e0f89d9cd4ee0cc513ec3452975d54da4b06cef309143e281befaad09236896bb480b4b8da7357ce77cda83a8acdda25540256237abcba98601d980a1e
SSDEEP

1536:zvK8wXOsol+f9OQA8AkqUhMb2nuy5wgIP0CSJ+5yZAB8GMGlZ5G:zvKfNoQMGdqU7uy5w9WMy2N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1196	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 1112	4352	64af3d2a53a7a75cae2e8bd78759b6a0_NeikiAnalytics.exe	84
PID 4352 wrote to memory of 1112	4352	64af3d2a53a7a75cae2e8bd78759b6a0_NeikiAnalytics.exe	84
PID 4352 wrote to memory of 1112	4352	64af3d2a53a7a75cae2e8bd78759b6a0_NeikiAnalytics.exe	84
PID 1112 wrote to memory of 1196	1112	cmd.exe	85
PID 1112 wrote to memory of 1196	1112	cmd.exe	85
PID 1112 wrote to memory of 1196	1112	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\64af3d2a53a7a75cae2e8bd78759b6a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\64af3d2a53a7a75cae2e8bd78759b6a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1112
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1196

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5e107aa5e525d284bf0df1ccfe17cf30

SHA1
e5f6053dad186cbe31b4c652698ccd6c99365088

SHA256
85b5aa2a50f61669ae4fb5206211885f6325f2b11a4d28b61789535468ad9b71

SHA512
7827bc0718ab0a2f804c4e75f9adc7191c6353bd3072d5a227a82afad0bb56056373efdec7a52997f0aa3396eb4201a774165bc06fcf101cbede607d171ff78c

Download Submit
memory/1196-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4352-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download