d751ce0e51d51cd37a247877f4bcb30deaf5fe6eb405ee29b9d4f1251a9c2859

Analysis

max time kernel
138s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 02:18

Target

89bb4a0ca1dda2bb03ce96dd2db25250_NeikiAnalytics.exe
Size

79KB
MD5

89bb4a0ca1dda2bb03ce96dd2db25250
SHA1

91faf32fcffa7320dcec136eda91ef1769c1c596
SHA256

d751ce0e51d51cd37a247877f4bcb30deaf5fe6eb405ee29b9d4f1251a9c2859
SHA512

5616702dd7f32b27a0199dfdc12f8ae9d1823b216c92be77e015eea6ab9a6d531e9d34e7f139759b631b8ce9a4b5587656b14802f40df4ecd65e30aec8708acc
SSDEEP

1536:zv4au8qeCIW7WU8ikh4OQA8AkqUhMb2nuy5wgIP0CSJ+5yJGB8GMGlZ5G:zvkzvIbHZhdGdqU7uy5w9WMygN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
996	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 1000	4652	89bb4a0ca1dda2bb03ce96dd2db25250_NeikiAnalytics.exe	83
PID 4652 wrote to memory of 1000	4652	89bb4a0ca1dda2bb03ce96dd2db25250_NeikiAnalytics.exe	83
PID 4652 wrote to memory of 1000	4652	89bb4a0ca1dda2bb03ce96dd2db25250_NeikiAnalytics.exe	83
PID 1000 wrote to memory of 996	1000	cmd.exe	84
PID 1000 wrote to memory of 996	1000	cmd.exe	84
PID 1000 wrote to memory of 996	1000	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\89bb4a0ca1dda2bb03ce96dd2db25250_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\89bb4a0ca1dda2bb03ce96dd2db25250_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4652
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1000
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:996

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a9ae494f8b97c463930aa6b3d1cd8a57

SHA1
9d8b5a3c68c7dc08438dd3f6adc9db9522584084

SHA256
d99960c7ab633cddd2dcd4b9c2a22e278d43f30af1e692083243f574dc4c6214

SHA512
8bfad3173547bb3fce46f9e916866de900b831c7865b937612a481010f6681527fb029950b13909ed03d559ae4ff605e4743207cf7b4f4c0c1682bbf2bb3f3c8

Download Submit
memory/996-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4652-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download