56eafc032e847f32333bbe93cc40c78016a3f0415364ec1e14dde68f80aeec4a

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 03:53

Target

634e58c0f452d8a5d976e8f1023332d0_NeikiAnalytics.exe
Size

79KB
MD5

634e58c0f452d8a5d976e8f1023332d0
SHA1

ead3154405468e9d4d3072636aae8142b8c39e90
SHA256

56eafc032e847f32333bbe93cc40c78016a3f0415364ec1e14dde68f80aeec4a
SHA512

fb1196afcc4e7d566f5bd95b4eb7e2187ea3b8e639a9b44e0a6c2e94882a06d3e5cf50120298336576866c365124422b2ea9354ce76e7b767f75bb1d4e95c3b6
SSDEEP

1536:zvgM2E1o/OQA8AkqUhMb2nuy5wgIP0CSJ+5yXB8GMGlZ5G:zvgMa2GdqU7uy5w9WMyXN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
624	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 4228	840	634e58c0f452d8a5d976e8f1023332d0_NeikiAnalytics.exe	84
PID 840 wrote to memory of 4228	840	634e58c0f452d8a5d976e8f1023332d0_NeikiAnalytics.exe	84
PID 840 wrote to memory of 4228	840	634e58c0f452d8a5d976e8f1023332d0_NeikiAnalytics.exe	84
PID 4228 wrote to memory of 624	4228	cmd.exe	85
PID 4228 wrote to memory of 624	4228	cmd.exe	85
PID 4228 wrote to memory of 624	4228	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\634e58c0f452d8a5d976e8f1023332d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\634e58c0f452d8a5d976e8f1023332d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:840
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4228
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:624

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
145e51b117c78878bb3d19f6710f7bb1

SHA1
b3497dbda5beea898cfa6f1a8f6971003f495b3a

SHA256
b61dd82394158b9da2df3f9f2d2ede81ff04b7a74cee401635cc30c6e8557c1e

SHA512
8a50ae5041f7fc0e035a0906c64bfd44b9f39157dbd4124299c2eeeb9ec81b7837342943630c26bd3d57a1fad2e99ca998e34bad9e032f19f350f3e251d74319

Download Submit
memory/624-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/840-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download