d8d30543bd0138997c6c7c54b46bcde88db5db7a2b196bf758ddac5b4858e2d0

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 09:44

Target

3c1fc8811aeeef6b5e857668ec85d8a0_NeikiAnalytics.exe
Size

1.5MB
MD5

3c1fc8811aeeef6b5e857668ec85d8a0
SHA1

f4d87f5c92679e5c63d2d0a45a5f25171331dc23
SHA256

d8d30543bd0138997c6c7c54b46bcde88db5db7a2b196bf758ddac5b4858e2d0
SHA512

7f62262fdecb03e06c170471aa248648d9b08b8b98afa925e4948c9df629ceea333a1d6a901526b18cccf7691be75a972092c36b126bd7670c965e4f9b911cbb
SSDEEP

24576:TaxVJXEdwsnFdxzL3UarLZmN1DUZmSordfq6Ph2kkkkK4kXkkkkkkkkhLX3a20RR:Tax305xzL3xPZmXYZmSadfqkbazR0vI

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
208	494D.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 208	8	3c1fc8811aeeef6b5e857668ec85d8a0_NeikiAnalytics.exe	83
PID 8 wrote to memory of 208	8	3c1fc8811aeeef6b5e857668ec85d8a0_NeikiAnalytics.exe	83
PID 8 wrote to memory of 208	8	3c1fc8811aeeef6b5e857668ec85d8a0_NeikiAnalytics.exe	83

C:\Users\Admin\AppData\Local\Temp\3c1fc8811aeeef6b5e857668ec85d8a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c1fc8811aeeef6b5e857668ec85d8a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:8
- C:\Users\Admin\AppData\Local\Temp\494D.tmp
  "C:\Users\Admin\AppData\Local\Temp\494D.tmp"
  2⤵
  - Executes dropped EXE
  PID:208

C:\Users\Admin\AppData\Local\Temp\494D.tmp

Filesize
1.5MB

MD5
2991abf8ccddb3a9dc9992182590dc2c

SHA1
969c37493938dbb35a2d091b0d724d1037d3b7e3

SHA256
605d27ea163b62d8ff2ad0727d0c2353ce8dcd27cdfe5d955b8c97f42964d54a

SHA512
c79db8af1e3f821c02511184c6bb0518f1afabad43a957360dbafa30f614405d41d30889567354c4f7fa01053c46c0277237cd06b0abcaba317e71913a2264b4

Download Submit