6059921afab2c0c092fbb4cde5e1a4043f86e4a5d893e3ef7158a99209f2ea98

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 03:17

Target

74d6c8445b6385b2f5910e40d0672730_NeikiAnalytics.exe
Size

79KB
MD5

74d6c8445b6385b2f5910e40d0672730
SHA1

126c05f883f8694d2b0fcae93c46eb75a1fa9a45
SHA256

6059921afab2c0c092fbb4cde5e1a4043f86e4a5d893e3ef7158a99209f2ea98
SHA512

992d50ae703775dc94e9b33109bfe9b75bf07603a7c4b39848c3c3d93b5a537d5d5eca7aab905890ff5df6bd09cb2d181a796945e070e806ab5d014c4830151a
SSDEEP

1536:zvsbwww3DBuynr47rQk2GOQA8AkqUhMb2nuy5wgIP0CSJ+5y0BB8GMGlZ5G:zvsKDdrwJ8GdqU7uy5w9WMy0BN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4952	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 4732	4344	74d6c8445b6385b2f5910e40d0672730_NeikiAnalytics.exe	83
PID 4344 wrote to memory of 4732	4344	74d6c8445b6385b2f5910e40d0672730_NeikiAnalytics.exe	83
PID 4344 wrote to memory of 4732	4344	74d6c8445b6385b2f5910e40d0672730_NeikiAnalytics.exe	83
PID 4732 wrote to memory of 4952	4732	cmd.exe	84
PID 4732 wrote to memory of 4952	4732	cmd.exe	84
PID 4732 wrote to memory of 4952	4732	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\74d6c8445b6385b2f5910e40d0672730_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\74d6c8445b6385b2f5910e40d0672730_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4732
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4952

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
0894383d10f3239d1e342baafa3f7ee9

SHA1
ea1f0e14c6fc0dcae69657ad18d6e0f592f1f55e

SHA256
a8c64884077270e11189a3c67e3ced5fd7b72ae8059ed77fbe43fcb564d88bcd

SHA512
8e4c65a63ae549df2a05e79404c366557ccedd21287d9101d3fbdb28a847b0994467a3d5038d2ddd434dae34af21c485eaeb4aa4679ad360c70bec1070d6e058

Download Submit
memory/4344-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4952-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download