eee6b65b070871009ed648eecef4f14f9990e66288685e46089c801c3eafff65

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 05:17

Target

6611120bc166b7eb2721a023fc90f650_NeikiAnalytics.exe
Size

79KB
MD5

6611120bc166b7eb2721a023fc90f650
SHA1

6048f9146b1c5d80093223f9525577e7fb45f357
SHA256

eee6b65b070871009ed648eecef4f14f9990e66288685e46089c801c3eafff65
SHA512

8dff4e73776004db486bf32206aae809a2cef7cca3d09687a821480fca37308f48932e0e6f3350f638eb32c4c5e611c777813e20be4e6a1b4451bc20750d4958
SSDEEP

1536:zv66mWLYKn8V5JOQA8AkqUhMb2nuy5wgIP0CSJ+5y5B8GMGlZ5G:zv6PsoIGdqU7uy5w9WMy5N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1612	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3344 wrote to memory of 1284	3344	6611120bc166b7eb2721a023fc90f650_NeikiAnalytics.exe	84
PID 3344 wrote to memory of 1284	3344	6611120bc166b7eb2721a023fc90f650_NeikiAnalytics.exe	84
PID 3344 wrote to memory of 1284	3344	6611120bc166b7eb2721a023fc90f650_NeikiAnalytics.exe	84
PID 1284 wrote to memory of 1612	1284	cmd.exe	85
PID 1284 wrote to memory of 1612	1284	cmd.exe	85
PID 1284 wrote to memory of 1612	1284	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\6611120bc166b7eb2721a023fc90f650_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6611120bc166b7eb2721a023fc90f650_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3344
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1284
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1612

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
085a7ca1bfe6c15cd4aee684ab53b9ca

SHA1
c12f1a391991fea2f927bd514e0a9d044c6829b5

SHA256
5d0c017fa4dbedc939a4941f1d92bd365b755753456f498bada7659f0eedc921

SHA512
233b8df807fa9bb60af2c81fb9660f087d5ba696177e846e9c5dbb000b507fca2a6a3d8d61a6deabda2c7dc0dd47169efa6d4b561967005368979c60f4d073a0

Download Submit
memory/1612-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3344-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download