be3331c812b83efe63adde9674958d9b53aedb62b56ffaf4efb34e7ba29f3878

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 05:38

Target

7959a05b13be58a516a82f3eb7e040f0_NeikiAnalytics.exe
Size

73KB
MD5

7959a05b13be58a516a82f3eb7e040f0
SHA1

d93bbbe74d3a0f4e32ad8275d9515ee747cbe965
SHA256

be3331c812b83efe63adde9674958d9b53aedb62b56ffaf4efb34e7ba29f3878
SHA512

46c95512ba397dcb19cef9ad61d6fdda5dc4e952fc98d89d3f85e3d163e15fa40b604eac442fc929e29c9d4a112431a91564a35e9af72fbcfca4ce9cde234379
SSDEEP

1536:hbJYXxbh1oifK5QPqfhVWbdsmA+RjPFLC+e5h80ZGUGf2g:hu7WifNPqfcxA+HFsh8Og

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4800	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3780 wrote to memory of 4680	3780	7959a05b13be58a516a82f3eb7e040f0_NeikiAnalytics.exe	84
PID 3780 wrote to memory of 4680	3780	7959a05b13be58a516a82f3eb7e040f0_NeikiAnalytics.exe	84
PID 3780 wrote to memory of 4680	3780	7959a05b13be58a516a82f3eb7e040f0_NeikiAnalytics.exe	84
PID 4680 wrote to memory of 4800	4680	cmd.exe	85
PID 4680 wrote to memory of 4800	4680	cmd.exe	85
PID 4680 wrote to memory of 4800	4680	cmd.exe	85
PID 4800 wrote to memory of 1960	4800	[email protected]	86
PID 4800 wrote to memory of 1960	4800	[email protected]	86
PID 4800 wrote to memory of 1960	4800	[email protected]	86

C:\Users\Admin\AppData\Local\Temp\7959a05b13be58a516a82f3eb7e040f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7959a05b13be58a516a82f3eb7e040f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4680
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4800
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:1960

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
b98ce4a2f75cc0517dd452553540fe0a

SHA1
059a917cc8cd44afbad198a508a952ed4a168058

SHA256
89ea3d71a554e53b98482b37449119dafeb27e9ab780efdc0773a8c649de51e6

SHA512
7c549cb0eca1bbd2608f9fb11ce570f657ee9368f5027a7b6d92cbc75e6b7214813aefa5d8339a84f9fc850b50a55a441d073b325825b9b74d5567043907c40f

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/3780-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4800-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download