319c4e645a15ff3e78df885bc7040877e27e00da6e983149a3512ca6b2905607

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 03:16

Target

5a1a91355a41dda64b09d0b5a119f550_NeikiAnalytics.exe
Size

808KB
MD5

5a1a91355a41dda64b09d0b5a119f550
SHA1

e999f795b713933d613b319caac419e92a41cb86
SHA256

319c4e645a15ff3e78df885bc7040877e27e00da6e983149a3512ca6b2905607
SHA512

b464972c9a743027ebdc9acec78587a36485b67b0ceca49138d3e94d3f7c84210a429883ec4fd2f8fcce36756a4206302d1aa970d27ab97349a01ae1feddd869
SSDEEP

12288:vw+WNwkEpCNbMpLh3H9OiETxSGgEL/4sVktkC9KJLZmN1b0b:vwEkE0MhhNOrtS0/4kktkVLZmN14b

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3484	4F97.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 3484	4360	5a1a91355a41dda64b09d0b5a119f550_NeikiAnalytics.exe	81
PID 4360 wrote to memory of 3484	4360	5a1a91355a41dda64b09d0b5a119f550_NeikiAnalytics.exe	81
PID 4360 wrote to memory of 3484	4360	5a1a91355a41dda64b09d0b5a119f550_NeikiAnalytics.exe	81

C:\Users\Admin\AppData\Local\Temp\5a1a91355a41dda64b09d0b5a119f550_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5a1a91355a41dda64b09d0b5a119f550_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4360
- C:\Users\Admin\AppData\Local\Temp\4F97.tmp
  "C:\Users\Admin\AppData\Local\Temp\4F97.tmp"
  2⤵
  - Executes dropped EXE
  PID:3484

C:\Users\Admin\AppData\Local\Temp\4F97.tmp

Filesize
808KB

MD5
842b81294c6b93d7e74e3dc96d4114f1

SHA1
f9d31f73170e908f3fc6572488e65d6c8297f5ea

SHA256
2d4fb0e9b6a512252763836d4f2fa7dd00eaafae61220326d84eb342e71890f9

SHA512
cbdc557c29a004b42e28f70d8d93372bf2a6d75e142b3ac3a817b0b7e8a1ec09c354602ced4e059ad47ee0e13d6a9bcbd23a041179191e2baa70c7bbbc1102ee

Download Submit