214efbf3353f2a254b80598f64ba26de07656f1939d394dddd0736e20d5711d9

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 04:06

Target

8a681f0e8cd11ce7384eb364a540ba80_NeikiAnalytics.exe
Size

79KB
MD5

8a681f0e8cd11ce7384eb364a540ba80
SHA1

ea8c4b052dcc411acff7eee614e66e235ea71e81
SHA256

214efbf3353f2a254b80598f64ba26de07656f1939d394dddd0736e20d5711d9
SHA512

179d18b20567181459f72df26ba125a2b750bfbe66c16f1599dbaec4d5ab8746f52c6a278f8b47bc0b64276a9f1a7421921d3ba2e51a31aad3f260713d756d60
SSDEEP

1536:zvVAjzg5K8d2og1CMR2OQA8AkqUhMb2nuy5wgIP0CSJ+5ywB8GMGlZ5G:zvAsE801CMNGdqU7uy5w9WMywN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4280	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2700	3028	8a681f0e8cd11ce7384eb364a540ba80_NeikiAnalytics.exe	83
PID 3028 wrote to memory of 2700	3028	8a681f0e8cd11ce7384eb364a540ba80_NeikiAnalytics.exe	83
PID 3028 wrote to memory of 2700	3028	8a681f0e8cd11ce7384eb364a540ba80_NeikiAnalytics.exe	83
PID 2700 wrote to memory of 4280	2700	cmd.exe	84
PID 2700 wrote to memory of 4280	2700	cmd.exe	84
PID 2700 wrote to memory of 4280	2700	cmd.exe	84

C:\Users\Admin\AppData\Local\Temp\8a681f0e8cd11ce7384eb364a540ba80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8a681f0e8cd11ce7384eb364a540ba80_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:4280

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
8b9c4d321d6dbb1d0fb622f643f1fc39

SHA1
b164b580a60f06a62a09bbff5ac42e5e3b6001b7

SHA256
68fc4762ab83149f085269c71e2e08963e70e36a4c180d7b2293ce4447711511

SHA512
4f447e576eb46b9aa83df911d7458cea5dab7d8946be58457d86ae70559ebdf86d22055f3d83db9d08c1834ac81e9bd6a207410fe70430aa283c2e243ddc1cbb

Download Submit
memory/3028-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4280-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download