089a7cbd6bb48846bab194d0f1192b005c808b8f77d916c7b9bd0b20e675d164

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 23:41

Target

84b163c085d9e8f04cc7bcd51d7f3aa0_NeikiAnalytics.exe
Size

79KB
MD5

84b163c085d9e8f04cc7bcd51d7f3aa0
SHA1

7268a3419ab93f5ccf8b33178e194ba5ac2b14e4
SHA256

089a7cbd6bb48846bab194d0f1192b005c808b8f77d916c7b9bd0b20e675d164
SHA512

e16963f8f87d1c65ae56cc4ac77162545980297c3115883d14bbb7e72006177becc580f9aa2014451b51434cc2ac906c4152e32ef4a92c801a9ecdccdac5659a
SSDEEP

1536:zvoO0/7E2BzTQTFOQA8AkqUhMb2nuy5wgIP0CSJ+5yKB8GMGlZ5G:zvL0/Y2lTQTcGdqU7uy5w9WMyKN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
668	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 1852	4548	84b163c085d9e8f04cc7bcd51d7f3aa0_NeikiAnalytics.exe	83
PID 4548 wrote to memory of 1852	4548	84b163c085d9e8f04cc7bcd51d7f3aa0_NeikiAnalytics.exe	83
PID 4548 wrote to memory of 1852	4548	84b163c085d9e8f04cc7bcd51d7f3aa0_NeikiAnalytics.exe	83
PID 1852 wrote to memory of 668	1852	cmd.exe	84
PID 1852 wrote to memory of 668	1852	cmd.exe	84
PID 1852 wrote to memory of 668	1852	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\84b163c085d9e8f04cc7bcd51d7f3aa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\84b163c085d9e8f04cc7bcd51d7f3aa0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1852
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:668

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f0b4b7af4d68ea9b85648eb8dc91e151

SHA1
0a12083d1ba895cb5f45177ac7e2e9d7a4ffa5cf

SHA256
d31df750038ec5666b88f3e5d93f07cf103be76e572eb397d3e1b6397fc98c87

SHA512
87399ec9eee4254ceb9e4f17f1ab10bbc0fc502bfa156863c6ddf5332a04bf4915265def8c920fd3dc6875840e7ddea3af833ebd542cd3a86bfa60aba2b5e0be

Download Submit
memory/668-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4548-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download