8619eda21a84a066a1871e8c6e988dbbab91555d8b4d67cd9649c57142b236be

Analysis

max time kernel
130s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 06:40

Target

68abadd1bb327049d959fb36132c6150_NeikiAnalytics.exe
Size

79KB
MD5

68abadd1bb327049d959fb36132c6150
SHA1

e51ea4c73edb25531b2c35b110999aca9461349e
SHA256

8619eda21a84a066a1871e8c6e988dbbab91555d8b4d67cd9649c57142b236be
SHA512

36a631ff14b279d0e9f62a3c4d0e16cda12bdefd652fb337f4fb4b76ce206238a7ac1d216607e659a27c72d9337a302f46eb23d449acb68018c4049870720c12
SSDEEP

1536:zvpoooXM5F0qfhj2ipNOQA8AkqUhMb2nuy5wgIP0CSJ+5yiB8GMGlZ5G:zvpoooE062VGdqU7uy5w9WMyiN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2504	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 4444	2184	68abadd1bb327049d959fb36132c6150_NeikiAnalytics.exe	84
PID 2184 wrote to memory of 4444	2184	68abadd1bb327049d959fb36132c6150_NeikiAnalytics.exe	84
PID 2184 wrote to memory of 4444	2184	68abadd1bb327049d959fb36132c6150_NeikiAnalytics.exe	84
PID 4444 wrote to memory of 2504	4444	cmd.exe	85
PID 4444 wrote to memory of 2504	4444	cmd.exe	85
PID 4444 wrote to memory of 2504	4444	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\68abadd1bb327049d959fb36132c6150_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\68abadd1bb327049d959fb36132c6150_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4444
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2504

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fe23f8f0e777f2880614c0bacaa16608

SHA1
d48d4ea92668581d19857a6b9fd4b06b4263bd7c

SHA256
f9c985c5bdb87d8017bd63fbea894b30f81e956ae704c29c3e66943e278b1422

SHA512
2638ded74e2f190e2ef5fdd06def5547082105c18940ac2f41a3f0a6b7408cbda29f7cb66beb266a86c0574b5a6d8bc52af8360e76d21c2d7d33a12832eadf6e

Download Submit
memory/2184-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2504-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download