12d002845d95604d1b26caa65de20bc799daf239bdd3a796c187b752cab7d010

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 12:57

Target

a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe
Size

79KB
MD5

a431df978d27bb4b627bcfb412b25c70
SHA1

d7df74f4941e5aba15bdbc005aa55521f4c920bf
SHA256

12d002845d95604d1b26caa65de20bc799daf239bdd3a796c187b752cab7d010
SHA512

fb47eb0bda7d97795f28d08d2ada48e16354d9afe13d19b9f9145167559620dae943c12b451b3344dfa32c07f073fee6d6cf915ccb36dfb8dba2a7bb09258f80
SSDEEP

1536:zv1FbW6fkOQA8AkqUhMb2nuy5wgIP0CSJ+5yDB8GMGlZ5G:zvrW6fBGdqU7uy5w9WMyDN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2652	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 232	2744	a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe	83
PID 2744 wrote to memory of 232	2744	a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe	83
PID 2744 wrote to memory of 232	2744	a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe	83
PID 232 wrote to memory of 2652	232	cmd.exe	84
PID 232 wrote to memory of 2652	232	cmd.exe	84
PID 232 wrote to memory of 2652	232	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a431df978d27bb4b627bcfb412b25c70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:232
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2652

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
65b4652c2300b626d6ff1561ba52ec89

SHA1
2262dee1193f657401b01b99ee8c29d94daebe64

SHA256
6ba01faae5505f7baf5e6e1e8acc5ab7da2cb1644050c6009954fae7b819b9a4

SHA512
2f0682e9c32d0e3d125ecffe2a73e54a5e0106205f21f41c8d043ada7ce251f5450b075e1e0f0a4381b64e4452c64a389716f15aa1eeeae23325eb0e8695ee05

Download Submit
memory/2652-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2744-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download