8a1fdcb987c5270d77297ac90ae35f5ccd7880f2a6927730368f9c87293b8471

Analysis

max time kernel
139s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 07:47

Target

932cf8bebd0eaabbc02c7e2c7efba950_NeikiAnalytics.exe
Size

79KB
MD5

932cf8bebd0eaabbc02c7e2c7efba950
SHA1

b03ea42c6c84d78b761ee7a62e4c452141e74ca7
SHA256

8a1fdcb987c5270d77297ac90ae35f5ccd7880f2a6927730368f9c87293b8471
SHA512

48a2853a7950e58ed65c39898ab2bf889b0bd7f57a9e601a0f018808d89098033c1f392bd15c51b63bed1aa4f9e596cab382855339445e34eaa15bb80047c7b6
SSDEEP

1536:zvgcqudelDbTwHikBOQA8AkqUhMb2nuy5wgIP0CSJ+5y7B8GMGlZ5G:zvgjlbTwHikwGdqU7uy5w9WMy7N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1972	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 4608	4912	932cf8bebd0eaabbc02c7e2c7efba950_NeikiAnalytics.exe	86
PID 4912 wrote to memory of 4608	4912	932cf8bebd0eaabbc02c7e2c7efba950_NeikiAnalytics.exe	86
PID 4912 wrote to memory of 4608	4912	932cf8bebd0eaabbc02c7e2c7efba950_NeikiAnalytics.exe	86
PID 4608 wrote to memory of 1972	4608	cmd.exe	87
PID 4608 wrote to memory of 1972	4608	cmd.exe	87
PID 4608 wrote to memory of 1972	4608	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\932cf8bebd0eaabbc02c7e2c7efba950_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\932cf8bebd0eaabbc02c7e2c7efba950_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4608
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1972

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
0feb9163f072d9fc9d9b48eb3f1b017b

SHA1
5814387a91f516b7fa07a1cbd986d7c54ae8c1dd

SHA256
7f56507e2642c0c265554de87aebf3d440c9503dc6715bfbb09e289a9bf4a09e

SHA512
cd0c519c7b62c1c135863f70708c8f3d41dd6bb0f9b5ac7efd199986b0d2c344cb9997ec22368120aedbf820b4ce83a5779a7e11e886d8850e423fed5171bf19

Download Submit
memory/1972-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4912-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download