7795a312c753fb3d9f4edaa503c056c3a86dc0bb48de169250bce8e72828d581

Analysis

max time kernel
131s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 05:21

Target

6633752b078d5d1218f149b82b3a6e20_NeikiAnalytics.exe
Size

79KB
MD5

6633752b078d5d1218f149b82b3a6e20
SHA1

18acf8d8f09ad76f9b5907be32fe65d4244eae01
SHA256

7795a312c753fb3d9f4edaa503c056c3a86dc0bb48de169250bce8e72828d581
SHA512

6a496089fd67334a0ffec0b0a17dde767ddfec84356ae387923c1e2dc8b57afaae649048372c24a617b169e3a237129ab1f32f652adcb2f586c74659d6bfb56e
SSDEEP

1536:zvSPRRRf384f0+zOQA8AkqUhMb2nuy5wgIP0CSJ+5yLB8GMGlZ5G:zv0RRRfZfQGdqU7uy5w9WMyLN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2884	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2468	3048	6633752b078d5d1218f149b82b3a6e20_NeikiAnalytics.exe	84
PID 3048 wrote to memory of 2468	3048	6633752b078d5d1218f149b82b3a6e20_NeikiAnalytics.exe	84
PID 3048 wrote to memory of 2468	3048	6633752b078d5d1218f149b82b3a6e20_NeikiAnalytics.exe	84
PID 2468 wrote to memory of 2884	2468	cmd.exe	85
PID 2468 wrote to memory of 2884	2468	cmd.exe	85
PID 2468 wrote to memory of 2884	2468	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\6633752b078d5d1218f149b82b3a6e20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6633752b078d5d1218f149b82b3a6e20_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2884

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fc0f142e3a6929bfc91eb8a3d641ffea

SHA1
be230eb7db3fa10f47643102d1939d32c5d8bedf

SHA256
0f05974fe03dfd4312cd49063d7c8e2b31a694cf0428b8c5dde46756a9db5d39

SHA512
bf9406749aeee02d5753a9f4d0167d399cf48fcdb14bdeb7d711a7210d96e95391116cd6b902fd7fc0a5f3dffe70bf0664e1b1f9b3a94374e3f4256ce87f5e30

Download Submit
memory/2884-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3048-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download