c348b457f1df1d561d40be5a495e3955e4b7c470c517bb35844a101e36026e2f

Analysis

max time kernel
129s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 05:17

Target

9cca24e03022c5df2ca439154eaec360_NeikiAnalytics.exe
Size

79KB
MD5

9cca24e03022c5df2ca439154eaec360
SHA1

9f3fe413340b05d91fdfabdbc84ca89a87ee7506
SHA256

c348b457f1df1d561d40be5a495e3955e4b7c470c517bb35844a101e36026e2f
SHA512

77b3b2949112db7d748c8d1d9f4d1a640f8304847ae1043512ebf1959506941880d71c15bb5717437def61a68213c26bceb0f34a63430fbb51b93bdab1240185
SSDEEP

1536:zv1FbW6fkOQA8AkqUhMb2nuy5wgIP0CSJ+5yYB8GMGlZ5G:zvrW6fBGdqU7uy5w9WMyYN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3284	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 1556	3588	9cca24e03022c5df2ca439154eaec360_NeikiAnalytics.exe	84
PID 3588 wrote to memory of 1556	3588	9cca24e03022c5df2ca439154eaec360_NeikiAnalytics.exe	84
PID 3588 wrote to memory of 1556	3588	9cca24e03022c5df2ca439154eaec360_NeikiAnalytics.exe	84
PID 1556 wrote to memory of 3284	1556	cmd.exe	85
PID 1556 wrote to memory of 3284	1556	cmd.exe	85
PID 1556 wrote to memory of 3284	1556	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\9cca24e03022c5df2ca439154eaec360_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9cca24e03022c5df2ca439154eaec360_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3284

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
933f0000b84068fdb34d99077f6bc151

SHA1
0c431bd36841a3f315dbb1cd47150a7a989ef0c0

SHA256
231ccb82eaf15804e467755620c0302d00267005d2c8012cbc192515ee29b8fb

SHA512
b339c722ea4c7445004d1e6e0690ef8ed571d23228afac8714591441f885ce59148742ade0fca1155da78293f499c504404893d37fde3b569f0a3d89979a5ae1

Download Submit
memory/3284-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3588-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download