b0b3b56b5768ec273ca5a91723d8c21e82cd0aeab1988890d202cf1236ea213a

Analysis

max time kernel
133s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 11:34

Target

a1fa963a3cb12ec6e2b43502944632d0_NeikiAnalytics.exe
Size

79KB
MD5

a1fa963a3cb12ec6e2b43502944632d0
SHA1

f486b79b421256db592de4f98ffdf7b7498f5692
SHA256

b0b3b56b5768ec273ca5a91723d8c21e82cd0aeab1988890d202cf1236ea213a
SHA512

fb9863e90e2f650f4cd45804e5243a889427ec6f4303c57250588fb068f1bf4c5e2e3af55508d763fd6a09c887171dc159c03e9cde44a5d00d432684c32ac57e
SSDEEP

1536:zvYXfWmBA7mSJoFrOQA8AkqUhMb2nuy5wgIP0CSJ+5ykB8GMGlZ5G:zvYROd06GdqU7uy5w9WMykN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3240	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 4424	2792	a1fa963a3cb12ec6e2b43502944632d0_NeikiAnalytics.exe	83
PID 2792 wrote to memory of 4424	2792	a1fa963a3cb12ec6e2b43502944632d0_NeikiAnalytics.exe	83
PID 2792 wrote to memory of 4424	2792	a1fa963a3cb12ec6e2b43502944632d0_NeikiAnalytics.exe	83
PID 4424 wrote to memory of 3240	4424	cmd.exe	84
PID 4424 wrote to memory of 3240	4424	cmd.exe	84
PID 4424 wrote to memory of 3240	4424	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\a1fa963a3cb12ec6e2b43502944632d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a1fa963a3cb12ec6e2b43502944632d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4424
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3240

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
29af1c9fb1ceb2880304e1498e18430d

SHA1
202871a50bbbcd44cdfacf435c57cd2ce20aef3f

SHA256
3e418a9f2a7d2dc210311d2bbcb40d9287a40b0753a1aa7bd18ba1ea7a82001b

SHA512
794d7a5270e1871fcf8c3f27283352ffa5a8de33768ce1875251b87a30f4aba2c889f3602be9767f710e3bcf225af8c6925cff762ecb89761b30f627f00c531b

Download Submit
memory/2792-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3240-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download