efbf8cfe13e81546d69db4f6a83df52371145c3548e437ae584efa18731964d5

Analysis

max time kernel
92s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 03:00

Target

8af4e315bf7a4ca99b86c61bdfdcaf00_NeikiAnalytics.exe
Size

79KB
MD5

8af4e315bf7a4ca99b86c61bdfdcaf00
SHA1

786ed64f5bd0f73641ba9557220f0d7360d77877
SHA256

efbf8cfe13e81546d69db4f6a83df52371145c3548e437ae584efa18731964d5
SHA512

64a27f0ba99cdf3fa99072db1ed044634e1ff09504cfc47c3db532f008e9d940e96c855e898470c88b40b12b1f32ba1670a7cead63d3b5b59686b736e33c5683
SSDEEP

1536:zvKe+jx+KPqU42NOQA8AkqUhMb2nuy5wgIP0CSJ+5ybB8GMGlZ5G:zvz00uqU42UGdqU7uy5w9WMybN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4004	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 4408	928	8af4e315bf7a4ca99b86c61bdfdcaf00_NeikiAnalytics.exe	85
PID 928 wrote to memory of 4408	928	8af4e315bf7a4ca99b86c61bdfdcaf00_NeikiAnalytics.exe	85
PID 928 wrote to memory of 4408	928	8af4e315bf7a4ca99b86c61bdfdcaf00_NeikiAnalytics.exe	85
PID 4408 wrote to memory of 4004	4408	cmd.exe	86
PID 4408 wrote to memory of 4004	4408	cmd.exe	86
PID 4408 wrote to memory of 4004	4408	cmd.exe	86

C:\Users\Admin\AppData\Local\Temp\8af4e315bf7a4ca99b86c61bdfdcaf00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8af4e315bf7a4ca99b86c61bdfdcaf00_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:928
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4408
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4004

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
03d5ea38526228e9ef9c68c0e1ebe798

SHA1
d4bd7e03c212245f60f39689b2152056f7491048

SHA256
d68f916e3dfcc7c50526f62348f5a619fd80979510e67462c605b717c31c3c24

SHA512
859e03d7b39b16cbaed450d9b1c7c425fa2e8cfd169a28fe68dcc5794a980790747fcb2252c38068c472c946785b85d1bf1f22a1e80155a7a73a376904563ab2

Download Submit
memory/928-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4004-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download