81d0be33f637651a8c18c949ed24afb92929a941cef977975d3fcde93483e39e

Analysis

max time kernel
93s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 04:48

Target

77c962506f7b59a3cda237db5dc71560_NeikiAnalytics.exe
Size

79KB
MD5

77c962506f7b59a3cda237db5dc71560
SHA1

6745c88d6ddd4d1a3de7a348cc176f7cf8b2f2f5
SHA256

81d0be33f637651a8c18c949ed24afb92929a941cef977975d3fcde93483e39e
SHA512

8e1b4746e31636ce502934c0e81ba791b1bce031575fecd7265cd83380e6ad7049012fb1785595f3c6711e73603b17a243a75e07f24e63c8c9af8bf185e0de97
SSDEEP

1536:zvBxiUe6NzJD/KUIxBOQA8AkqUhMb2nuy5wgIP0CSJ+5ydB8GMGlZ5G:zvBxigEU8wGdqU7uy5w9WMydN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4392	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3600 wrote to memory of 3280	3600	77c962506f7b59a3cda237db5dc71560_NeikiAnalytics.exe	82
PID 3600 wrote to memory of 3280	3600	77c962506f7b59a3cda237db5dc71560_NeikiAnalytics.exe	82
PID 3600 wrote to memory of 3280	3600	77c962506f7b59a3cda237db5dc71560_NeikiAnalytics.exe	82
PID 3280 wrote to memory of 4392	3280	cmd.exe	83
PID 3280 wrote to memory of 4392	3280	cmd.exe	83
PID 3280 wrote to memory of 4392	3280	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\77c962506f7b59a3cda237db5dc71560_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\77c962506f7b59a3cda237db5dc71560_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3280
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4392

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
191aabb1a359cd6e67788352ebbd3de9

SHA1
b346ebbd3a1d8a4ad917536ed0bf895777153c41

SHA256
0441a5b1f17f917c15f231eec93af01a4b1cf702b70c793c11862e3ee5773d26

SHA512
e0a422a405194eb21c0cf79059c2922c1cee760eb982c420b459b46c55a8e4efd55460ee948382e0795fbce8618403f499a0c11ad15633d7f3ae99fc1c3d6f60

Download Submit
memory/3600-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4392-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download