e94cbade8fa5119d8f0235f1c56471ecdb7695eb8d7f3b351a85670b897cf613

Analysis

max time kernel
132s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 11:05

Target

a122575feb74e13371119cbf6e402520_NeikiAnalytics.exe
Size

79KB
MD5

a122575feb74e13371119cbf6e402520
SHA1

a138afc5a0504a63d0ddee5938ae70a95bfb1439
SHA256

e94cbade8fa5119d8f0235f1c56471ecdb7695eb8d7f3b351a85670b897cf613
SHA512

f8e1ff0c7116f5ce735a8802e1572a9523891f3ff80203ac0ef635173685b9a8c80e6f018815df0af312b98ccadc3f768abfcbc55119bd9e1726bbbede035202
SSDEEP

1536:zvKxifeJrDfME+2+OQA8AkqUhMb2nuy5wgIP0CSJ+5yQB8GMGlZ5G:zvGifgMSGdqU7uy5w9WMyQN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1792	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 4780	1588	a122575feb74e13371119cbf6e402520_NeikiAnalytics.exe	84
PID 1588 wrote to memory of 4780	1588	a122575feb74e13371119cbf6e402520_NeikiAnalytics.exe	84
PID 1588 wrote to memory of 4780	1588	a122575feb74e13371119cbf6e402520_NeikiAnalytics.exe	84
PID 4780 wrote to memory of 1792	4780	cmd.exe	85
PID 4780 wrote to memory of 1792	4780	cmd.exe	85
PID 4780 wrote to memory of 1792	4780	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\a122575feb74e13371119cbf6e402520_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a122575feb74e13371119cbf6e402520_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4780
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1792

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
99915eccc36d479e73bc49e80aed5ce2

SHA1
87450fda55a4ff401e1c8fcd557c7f0a853c7993

SHA256
bf8826a56ec92abd33db16ef8f46b3580e265350a4e7c6ca3b0556582dc0d2e3

SHA512
a492dff332c45fe544fdfe8a51fa5f84b5d88edac78192b6370a2dcd1150cf8ad50b7bd3b4b8d8dd3368062e7004d878790ebf8bcd681ae0f771ebcd33b433c5

Download Submit
memory/1588-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1792-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download