fa787dedc974509d64dcd9afa1f3722103c49178870563b76ee662c1f88c57d0

Analysis

max time kernel
94s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 21:50

Target

8115665a1950927feb6bf5c0d155e960_NeikiAnalytics.exe
Size

79KB
MD5

8115665a1950927feb6bf5c0d155e960
SHA1

310bc4e6fcae8857bd78fa2c34a52cf02518219e
SHA256

fa787dedc974509d64dcd9afa1f3722103c49178870563b76ee662c1f88c57d0
SHA512

b47876f53b21dba5a0faa44309e7ad40a5d1afe699aadb1ff9bcd8228df50ec82360152e142b154ca8dd47876779e559bc5b1da5361facf8200313d2daa2a294
SSDEEP

1536:zvuE77Aou+e+OQA8AkqUhMb2nuy5wgIP0CSJ+5yuB8GMGlZ5G:zvuE7c+MGdqU7uy5w9WMyuN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3224	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3748 wrote to memory of 3248	3748	8115665a1950927feb6bf5c0d155e960_NeikiAnalytics.exe	84
PID 3748 wrote to memory of 3248	3748	8115665a1950927feb6bf5c0d155e960_NeikiAnalytics.exe	84
PID 3748 wrote to memory of 3248	3748	8115665a1950927feb6bf5c0d155e960_NeikiAnalytics.exe	84
PID 3248 wrote to memory of 3224	3248	cmd.exe	85
PID 3248 wrote to memory of 3224	3248	cmd.exe	85
PID 3248 wrote to memory of 3224	3248	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\8115665a1950927feb6bf5c0d155e960_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8115665a1950927feb6bf5c0d155e960_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3748
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3248
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3224

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6a8076cfafb995c87d30aaa3d9c2ddd1

SHA1
36959292304bb4858817e537e1054e079212e864

SHA256
536707be3300f4cf8144fe640feec40a989f68ca8aefe22310feada6a14fdd48

SHA512
053f8ff46b6ca59198e62084fa5dd3c41c7a822fde7a8e177d875400f750bbb4d581d0361caafff6879d35182a4bc3e2e595900552a71a305bf834bd6d258e98

Download Submit
memory/3224-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3748-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download