e7eb62aab7a756b36f7b76741ca2a4168b95a4f840a4b492204d0cd2473a40d4

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 13:40

Target

a540dfc809b23b92876f6353a6e76ed0_NeikiAnalytics.exe
Size

79KB
MD5

a540dfc809b23b92876f6353a6e76ed0
SHA1

9725b2b8f215442ff65df50efb551da8fb8f09ba
SHA256

e7eb62aab7a756b36f7b76741ca2a4168b95a4f840a4b492204d0cd2473a40d4
SHA512

8be6e9c266bb5c92722014e63bdd5cba11d44ee7faa89be5a8b0a16cf9762cfadf248c5e2691deb833edf3ba8b99332b1ac475abcadcb1de9ea09d0687aacfa3
SSDEEP

1536:zvK8wXOsol+f9OQA8AkqUhMb2nuy5wgIP0CSJ+5yqB8GMGlZ5G:zvKfNoQMGdqU7uy5w9WMyqN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4352	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 4936	2816	a540dfc809b23b92876f6353a6e76ed0_NeikiAnalytics.exe	86
PID 2816 wrote to memory of 4936	2816	a540dfc809b23b92876f6353a6e76ed0_NeikiAnalytics.exe	86
PID 2816 wrote to memory of 4936	2816	a540dfc809b23b92876f6353a6e76ed0_NeikiAnalytics.exe	86
PID 4936 wrote to memory of 4352	4936	cmd.exe	87
PID 4936 wrote to memory of 4352	4936	cmd.exe	87
PID 4936 wrote to memory of 4352	4936	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\a540dfc809b23b92876f6353a6e76ed0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a540dfc809b23b92876f6353a6e76ed0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4936
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4352

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
20779cf7cbb7876aa98ff31e22b4bb31

SHA1
d341e244caa6381c99f7b9cc52d9ee0508ab7e86

SHA256
d848fb325f6c56f5c4f77505395378944f64d975472ad5c3586a1b8f7485b9f3

SHA512
46249dac8da372dea025cf0dbd58aa9e407c5ae3f5b3b44ff4b02e7f68881b5ab77c2b01424c1fa190de14dd972507f9775976de99cbfa9af219b8405df9a626

Download Submit
memory/2816-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4352-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download