1e5d3ab16d3ce2aae7a5d19b6bf38853ca4b18df3411b79d2edc4820c2311a7f

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 04:31

Target

77430842f979ff78a2c9c1e15ea26070_NeikiAnalytics.exe
Size

79KB
MD5

77430842f979ff78a2c9c1e15ea26070
SHA1

df36d0e3b4a302a33ddc4dbba231658648efda46
SHA256

1e5d3ab16d3ce2aae7a5d19b6bf38853ca4b18df3411b79d2edc4820c2311a7f
SHA512

055f5d2df884b3114500677a5c5652783c8be4c010f361876bc4a9e9883731aed6c227635eaedb247883130275dd8d4730c6bc7bc372338fc4039d36b817ec49
SSDEEP

1536:zvOu444kuX3UFPRWqykfOQA8AkqUhMb2nuy5wgIP0CSJ+5yStB8GMGlZ5G:zvp4449X+pJWGdqU7uy5w9WMyaN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1632	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 4728	540	77430842f979ff78a2c9c1e15ea26070_NeikiAnalytics.exe	84
PID 540 wrote to memory of 4728	540	77430842f979ff78a2c9c1e15ea26070_NeikiAnalytics.exe	84
PID 540 wrote to memory of 4728	540	77430842f979ff78a2c9c1e15ea26070_NeikiAnalytics.exe	84
PID 4728 wrote to memory of 1632	4728	cmd.exe	85
PID 4728 wrote to memory of 1632	4728	cmd.exe	85
PID 4728 wrote to memory of 1632	4728	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\77430842f979ff78a2c9c1e15ea26070_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\77430842f979ff78a2c9c1e15ea26070_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4728
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1632

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2231ba6dd1c200708b9c7b7ddfbebad9

SHA1
4b06e5a930598d43bff119c786cabc6df5aaac90

SHA256
8f691d16f2997bce07ab61655b16a0411742b92157b566617103ec268f1d81ca

SHA512
413807e124048ec3f737d1ca64353fff45195d94d171ce59b09101ba375e19cf875a236af0b27e72adfa1cc1af94b572a15f70ad118929418451e36ed968411b

Download Submit
memory/540-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1632-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download