417a57b9b5836af37a94165c243296faf4fb7969f66a1a81c2a70105692ae2ac

Analysis

max time kernel
133s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 23:06

Target

22e410d34e5d48e9b6ccb4e9d2d27a10_NeikiAnalytics.exe
Size

79KB
MD5

22e410d34e5d48e9b6ccb4e9d2d27a10
SHA1

0577253005ae0275dbb546c3c78120c4f342ab88
SHA256

417a57b9b5836af37a94165c243296faf4fb7969f66a1a81c2a70105692ae2ac
SHA512

b98fc13b48e6d8bdcb9736b0337478f4aeee2a07960eac0e6c9c8cf6272ce0b850c5f1ac569f526a0712c46a337f2381c65df77c211daf153e4a81c1afc03560
SSDEEP

1536:zv6fdjP2uMHZAOQA8AkqUhMb2nuy5wgIP0CSJ+5y+B8GMGlZ5G:zv652PjGdqU7uy5w9WMy+N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3176	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 1696	4644	22e410d34e5d48e9b6ccb4e9d2d27a10_NeikiAnalytics.exe	84
PID 4644 wrote to memory of 1696	4644	22e410d34e5d48e9b6ccb4e9d2d27a10_NeikiAnalytics.exe	84
PID 4644 wrote to memory of 1696	4644	22e410d34e5d48e9b6ccb4e9d2d27a10_NeikiAnalytics.exe	84
PID 1696 wrote to memory of 3176	1696	cmd.exe	85
PID 1696 wrote to memory of 3176	1696	cmd.exe	85
PID 1696 wrote to memory of 3176	1696	cmd.exe	85

C:\Users\Admin\AppData\Local\Temp\22e410d34e5d48e9b6ccb4e9d2d27a10_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\22e410d34e5d48e9b6ccb4e9d2d27a10_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3176

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
41a7533ff7c4459315a652a8e2c4a291

SHA1
f77b5e5fda1826aca436662b40f3e12e529dc8f0

SHA256
b47778ac24cd20da03ff61e6310acd16749531f419bb9b2eecf5ff6bc289a9c8

SHA512
730541f119e225d6d6efdbc78c54ce6f4de4e5283efa507d014ae60dc7e8b8a5c0a0dd0d02e5457aa034e28d78e06377c98b5a468cbb96b5fdfd62d4d4e825eb

Download Submit
memory/3176-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4644-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download