aeaf58f331bd89c0df5dc9f8e5dbbdf427f33d49b2ed899816e6aa345c44d3b1

Analysis

max time kernel
95s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 04:28

Target

9b8805cdce27de24c67afd2e44b0e760_NeikiAnalytics.exe
Size

79KB
MD5

9b8805cdce27de24c67afd2e44b0e760
SHA1

0ffc7720550e8e1e81741907e0b463f57f7cae96
SHA256

aeaf58f331bd89c0df5dc9f8e5dbbdf427f33d49b2ed899816e6aa345c44d3b1
SHA512

27af5d9ae97d152b13f5cfbec1aaa1148246cc275f0a522325be7c37f2b58bcc0ec306f5882a625da16014b2dc17b07ef59bfbcd292222e1ffdddad069b6b23e
SSDEEP

1536:zvgM2E1o/OQA8AkqUhMb2nuy5wgIP0CSJ+5yJB8GMGlZ5G:zvgMa2GdqU7uy5w9WMyJN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3396	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 1820	4236	9b8805cdce27de24c67afd2e44b0e760_NeikiAnalytics.exe	82
PID 4236 wrote to memory of 1820	4236	9b8805cdce27de24c67afd2e44b0e760_NeikiAnalytics.exe	82
PID 4236 wrote to memory of 1820	4236	9b8805cdce27de24c67afd2e44b0e760_NeikiAnalytics.exe	82
PID 1820 wrote to memory of 3396	1820	cmd.exe	83
PID 1820 wrote to memory of 3396	1820	cmd.exe	83
PID 1820 wrote to memory of 3396	1820	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\9b8805cdce27de24c67afd2e44b0e760_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9b8805cdce27de24c67afd2e44b0e760_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1820
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3396

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
9be8e6689c55b645bda68286ece82ebe

SHA1
222762cdd7832ed3283a835f022eabc52d967cc3

SHA256
79bc54011a27a3a0ade59f621d81ccd3ae68ccb87af0ada5153720804dcfe206

SHA512
2d01ed0e1d67af29c8cfc07806ab88f487c6d8e9ed1f63a6c3425a7d011ee5ca2c4c02f3feb075858ab8b363f9b62a7be526d63972b92f55d08fe22c8d01020b

Download Submit
memory/3396-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4236-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download