55d9514b75c948f144ca4398c81a70633840ad76cd3ca7f2a5d26bdcd0789f75

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2024 09:10

Target

95c4bd07ee18f24c80dcb256b8481780_NeikiAnalytics.exe
Size

79KB
MD5

95c4bd07ee18f24c80dcb256b8481780
SHA1

40d6ecff861ab8d4eb14ce57bdf40dba43249afe
SHA256

55d9514b75c948f144ca4398c81a70633840ad76cd3ca7f2a5d26bdcd0789f75
SHA512

9ac104cf384ad6e04e1af17605f6e9902e9afa0787f772b9edd1208375e60cc8b21e13bcefe398d8acb0e39e71f44995af04d3355497ed0f185b2eb70ff0b06a
SSDEEP

1536:zvIrfPpJ2wPGPmjE8Sj4Q7OQA8AkqUhMb2nuy5wgIP0CSJ+5y+4B8GMGlZ5G:zv+3ptGeO0QqGdqU7uy5w9WMyfN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2876	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 3500	2104	95c4bd07ee18f24c80dcb256b8481780_NeikiAnalytics.exe	83
PID 2104 wrote to memory of 3500	2104	95c4bd07ee18f24c80dcb256b8481780_NeikiAnalytics.exe	83
PID 2104 wrote to memory of 3500	2104	95c4bd07ee18f24c80dcb256b8481780_NeikiAnalytics.exe	83
PID 3500 wrote to memory of 2876	3500	cmd.exe	84
PID 3500 wrote to memory of 2876	3500	cmd.exe	84
PID 3500 wrote to memory of 2876	3500	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\95c4bd07ee18f24c80dcb256b8481780_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\95c4bd07ee18f24c80dcb256b8481780_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3500
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2876

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
8c3aff32212a186ad8fc1d33a0dbee3a

SHA1
1ef422c6e5d781aaeca6072cfa7dbbe6b152c3d0

SHA256
8361b54081a19fd03d67b0971a6292d1c404cbb2d16ffe8cffb656620d958350

SHA512
2104527c55810c0409fefcba4e8e01cb009200d4044fd0f67d0f0d2e4789c5fc70e4544005749789c269fdf64ecc46c3aa5c1d578cd986a2f580e33cc5eb952d

Download Submit
memory/2104-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2876-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download