1a807c38b0d6c1cfe82975d5b7d0c2031657a855c14a415e8b7139c5d7e8b7b3

Analysis

max time kernel
129s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 03:16

Target

998625a2d59a843b51206b62868c7870_NeikiAnalytics.exe
Size

79KB
MD5

998625a2d59a843b51206b62868c7870
SHA1

91be1885faf7deb3d58bdec69b1f8e7eae6b0a78
SHA256

1a807c38b0d6c1cfe82975d5b7d0c2031657a855c14a415e8b7139c5d7e8b7b3
SHA512

7e36811353e74f3533f52b6402409436b8bb67c822aadddf474579a3258dfa492fc5b3bf3e48a4c9a6447d36f12995c3017d9605974296fe5a12c96cd24d52cd
SSDEEP

1536:zvNnZrO9NwHfgpmOQA8AkqUhMb2nuy5wgIP0CSJ+5ylB8GMGlZ5G:zvq9kf8GdqU7uy5w9WMylN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
948	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 3300	2328	998625a2d59a843b51206b62868c7870_NeikiAnalytics.exe	84
PID 2328 wrote to memory of 3300	2328	998625a2d59a843b51206b62868c7870_NeikiAnalytics.exe	84
PID 2328 wrote to memory of 3300	2328	998625a2d59a843b51206b62868c7870_NeikiAnalytics.exe	84
PID 3300 wrote to memory of 948	3300	cmd.exe	85
PID 3300 wrote to memory of 948	3300	cmd.exe	85
PID 3300 wrote to memory of 948	3300	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\998625a2d59a843b51206b62868c7870_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\998625a2d59a843b51206b62868c7870_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3300
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:948

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5ad1417d1aef1c39af855d1cde099aeb

SHA1
912c1edde409231a5075d1c536132b6726696e81

SHA256
469f870da5cc230e230a354f99296987a207f02474512c7e3458cfc8755a347e

SHA512
f2863df7a16b46e370b501bdf70a852e654228b0e0823b6cd95e05b7e5e43db8349a9f4c78a726dce1e2ee6127b8037e5662ac059f3cebdcbeefff680f4cf7dd

Download Submit
memory/948-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2328-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download