de18eb35003c660869ccb9d1fb95a000bc4a477fde10026c342558a982402e8a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 23:43

Target

84c293bd713d10469828fd3c27d3aef0_NeikiAnalytics.exe
Size

79KB
MD5

84c293bd713d10469828fd3c27d3aef0
SHA1

8c6ba8dde8c4d1d11a41ff8630e6f828e07075ec
SHA256

de18eb35003c660869ccb9d1fb95a000bc4a477fde10026c342558a982402e8a
SHA512

7da9626626d2acd7d9f2dc63a83e871efb9eefcf46ce9e8ec20af97131dff4134e9a6c5cf0c633a6938e20cdd5aa98ae3077295c0c6b2b9c8d6cb490f1188faa
SSDEEP

1536:zvykNury4ziZIiOQA8AkqUhMb2nuy5wgIP0CSJ+5y+B8GMGlZ5G:zvXh0KIHGdqU7uy5w9WMy+N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3260	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 4752	836	84c293bd713d10469828fd3c27d3aef0_NeikiAnalytics.exe	84
PID 836 wrote to memory of 4752	836	84c293bd713d10469828fd3c27d3aef0_NeikiAnalytics.exe	84
PID 836 wrote to memory of 4752	836	84c293bd713d10469828fd3c27d3aef0_NeikiAnalytics.exe	84
PID 4752 wrote to memory of 3260	4752	cmd.exe	85
PID 4752 wrote to memory of 3260	4752	cmd.exe	85
PID 4752 wrote to memory of 3260	4752	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\84c293bd713d10469828fd3c27d3aef0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\84c293bd713d10469828fd3c27d3aef0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4752
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3260

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f623b59d6a0b4ca141578d6f698ae493

SHA1
71e1e8fb90ad8521d9e3d172cb3ffcea43e1017e

SHA256
c45e911e4b31db2e25655055721b0b023ac027cf882291bd84d05618d3e934b9

SHA512
26830411b8cc7ef4e9bcaf5b6bf4d2583393436c6ad49beef888593ed727616102aaabe42cdd137cb564942e46ed226c97f7da8ac73275c650430ea1edf3452f

Download Submit
memory/836-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3260-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download