1fb50ac833401854fbc07957b110a2facb77f0b0b60cce9dd4afa8cdfa2c98c5

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 03:51

Target

633cc60a2b642103c1be9b30a8b32cd0_NeikiAnalytics.exe
Size

79KB
MD5

633cc60a2b642103c1be9b30a8b32cd0
SHA1

02d2f709f02dc14da223f31b75eb1a78d86a9872
SHA256

1fb50ac833401854fbc07957b110a2facb77f0b0b60cce9dd4afa8cdfa2c98c5
SHA512

089aa5a61beadeba32a5cf25d912f894108900ac6a1085c11fe3819229a8bf0f05e93cbb50a7afbd0b885da5673f12f8212f34c7d43dcb27dc09a0d54902f0ac
SSDEEP

1536:zvdfDDP0qcjD/i94THp3OQA8AkqUhMb2nuy5wgIP0CSJ+5yBB8GMGlZ5G:zvdfDDP0qcPjTH4GdqU7uy5w9WMyBN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2396	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 240 wrote to memory of 2680	240	633cc60a2b642103c1be9b30a8b32cd0_NeikiAnalytics.exe	83
PID 240 wrote to memory of 2680	240	633cc60a2b642103c1be9b30a8b32cd0_NeikiAnalytics.exe	83
PID 240 wrote to memory of 2680	240	633cc60a2b642103c1be9b30a8b32cd0_NeikiAnalytics.exe	83
PID 2680 wrote to memory of 2396	2680	cmd.exe	84
PID 2680 wrote to memory of 2396	2680	cmd.exe	84
PID 2680 wrote to memory of 2396	2680	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\633cc60a2b642103c1be9b30a8b32cd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\633cc60a2b642103c1be9b30a8b32cd0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:240
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2396

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fb0c25f01a9e18d802cf305dc1a9f8bf

SHA1
5f8858902e3219136e1590e148dd2d28b7aba88f

SHA256
a5ec4a41054b12d96db04a0c4c42a1c08345af03545fa3468a381e40cdbac220

SHA512
7bc1896aaa830f4a847fb9b49644ea8fb085a6014a391b91b015be71fb76771139ad8ef54868f1f30673bbb30ee6bb4a160b9c77ada7144ef4b4394d4b3ea52a

Download Submit
memory/240-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2396-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download