a7a89b39eb7487cdf745b5615fecdbc4169ab1c822c92dd711fa666e486aebed

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 07:31

Target

7ce72773e9389491176dc0a074fa06e0_NeikiAnalytics.exe
Size

79KB
MD5

7ce72773e9389491176dc0a074fa06e0
SHA1

17905cfaacd50d81bf6d24d398c6832d6c5eb1d9
SHA256

a7a89b39eb7487cdf745b5615fecdbc4169ab1c822c92dd711fa666e486aebed
SHA512

2485ca208f260f0be221efcb6dad0fbdafc8351d0fa29d32368f3d8e085a7f93ff704250be6f9531837c61e28cefae3e414b336e4fbe86330d9f8d7077857459
SSDEEP

1536:zvpoAj44j1TMVg8xOQA8AkqUhMb2nuy5wgIP0CSJ+5y/BB8GMGlZ5G:zvp+STMVNAGdqU7uy5w9WMy/BN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3700	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3228 wrote to memory of 1136	3228	7ce72773e9389491176dc0a074fa06e0_NeikiAnalytics.exe	84
PID 3228 wrote to memory of 1136	3228	7ce72773e9389491176dc0a074fa06e0_NeikiAnalytics.exe	84
PID 3228 wrote to memory of 1136	3228	7ce72773e9389491176dc0a074fa06e0_NeikiAnalytics.exe	84
PID 1136 wrote to memory of 3700	1136	cmd.exe	85
PID 1136 wrote to memory of 3700	1136	cmd.exe	85
PID 1136 wrote to memory of 3700	1136	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\7ce72773e9389491176dc0a074fa06e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7ce72773e9389491176dc0a074fa06e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3228
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1136
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3700

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
95ac42720e90520a22f53f3c8210ccee

SHA1
c91e3884b347556df1181d2ac01699a4e892b2f7

SHA256
24e4450649b9ebc75f2b2d1a72b45b8cdfdcf0088baff6e5d82f307f3c1fb062

SHA512
366c60f22fbc64f9973f4232a47750b38b9e8f4992de55ee6e2b3d3d4fa0927c3cd12eafc08da539f2f91f7ddd780940a9ed2b925007d831c067ca1737d18236

Download Submit
memory/3228-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3700-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download