c27f9bd08e97305c2d0b10553077df23bfe9b0985c8108aeff5a2bd15184aaf9

Analysis

max time kernel
133s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 08:00

Target

938e34702ecef28f21361fd0f8018ab0_NeikiAnalytics.exe
Size

79KB
MD5

938e34702ecef28f21361fd0f8018ab0
SHA1

f7d61aa138d75961f1462dc5f379770d509f3024
SHA256

c27f9bd08e97305c2d0b10553077df23bfe9b0985c8108aeff5a2bd15184aaf9
SHA512

0b1b69d82d7cdce395544375f98d8a6e55413229c6206298303cebb4ca16da6b9cca9d665df79d92da7b83ae0fde8e963a0e05810ca98ff55cf20021e3415b8e
SSDEEP

1536:zvkUugKOznTotoDadOQA8AkqUhMb2nuy5wgIP0CSJ+5yvAB8GMGlZ5G:zvJuVtfEGdqU7uy5w9WMyIN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1808	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 3352	4036	938e34702ecef28f21361fd0f8018ab0_NeikiAnalytics.exe	84
PID 4036 wrote to memory of 3352	4036	938e34702ecef28f21361fd0f8018ab0_NeikiAnalytics.exe	84
PID 4036 wrote to memory of 3352	4036	938e34702ecef28f21361fd0f8018ab0_NeikiAnalytics.exe	84
PID 3352 wrote to memory of 1808	3352	cmd.exe	85
PID 3352 wrote to memory of 1808	3352	cmd.exe	85
PID 3352 wrote to memory of 1808	3352	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\938e34702ecef28f21361fd0f8018ab0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\938e34702ecef28f21361fd0f8018ab0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3352
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1808

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4f06ff398ffc946ea347bac7d919d38d

SHA1
24cf673d6aafc1dea183da0c750e0d475b12a0a5

SHA256
c0349973bf67c478d9a264252ca730ef5936428c2ec78a2f3c0ef791e6f3fdc4

SHA512
2f275360c03b91430beb469d3bb3b6439157e6916ec591d5d6c107b671ba3669d4692676e6e0223bfc9d0e871a00b3dec4899e844f6700dd5dc18450857f77e6

Download Submit
memory/1808-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4036-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download