548cf75e7abfb400bbf05576fe0d1c65234c3aaa2210607705338e5623f897ae

Analysis

max time kernel
92s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 22:20

Target

820e52d1d10c5b9e6d1fe30b3ee0ab70_NeikiAnalytics.exe
Size

79KB
MD5

820e52d1d10c5b9e6d1fe30b3ee0ab70
SHA1

e9c3ec2956b55702ea4bfb589ea2bed3f03dd9c6
SHA256

548cf75e7abfb400bbf05576fe0d1c65234c3aaa2210607705338e5623f897ae
SHA512

56158135838260f1b571717c86e96b83918beed051baf09b71083a9e72fffb30c4a01ac1728f9356dd3c06a89c4fb6b6710f63064d295bdc3d9a9e70ef2953bd
SSDEEP

1536:zvpe1QMQ+OQA8AkqUhMb2nuy5wgIP0CSJ+5y8B8GMGlZ5G:zvpe1crGdqU7uy5w9WMy8N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
816	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 5348	4512	820e52d1d10c5b9e6d1fe30b3ee0ab70_NeikiAnalytics.exe	82
PID 4512 wrote to memory of 5348	4512	820e52d1d10c5b9e6d1fe30b3ee0ab70_NeikiAnalytics.exe	82
PID 4512 wrote to memory of 5348	4512	820e52d1d10c5b9e6d1fe30b3ee0ab70_NeikiAnalytics.exe	82
PID 5348 wrote to memory of 816	5348	cmd.exe	83
PID 5348 wrote to memory of 816	5348	cmd.exe	83
PID 5348 wrote to memory of 816	5348	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\820e52d1d10c5b9e6d1fe30b3ee0ab70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\820e52d1d10c5b9e6d1fe30b3ee0ab70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5348
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:816

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d0cac962c9ccca6c67893016e740c16f

SHA1
da82fc95e07cb7cd16b868529a2beec9874329c6

SHA256
aea8e70dff06e273d7f7f344b4964d6aae81d60327c6ccc66a6335b605bc1c1e

SHA512
e5e858123db8c532583a62e1970b423f996bdb9067bd83033a705349f5222990d1717a881af121a9f98422314919ec92ca9ec0563dbe67cb5c21fdccc39c3b4e

Download Submit
memory/816-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4512-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download