0b01aab1e0b7808a0b9e51b638b13d83f8b79618fb0d102a6916ed292b2c43ed

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 04:54

Target

4c992cbd857db1ad8be9c465ebe52900_NeikiAnalytics.exe
Size

29KB
MD5

4c992cbd857db1ad8be9c465ebe52900
SHA1

3b754f63bfc414702237d1bff1725a640a60308b
SHA256

0b01aab1e0b7808a0b9e51b638b13d83f8b79618fb0d102a6916ed292b2c43ed
SHA512

3c4fc8e5d84eab4275d2faab4107cb1bf3859c9f5dddab24d136cca23c3591ac9ef4519ee719017e5a651ac55e70767438d1b90c3424976faaad868eda4958cc
SSDEEP

384:v/4LNJY74JwOllSBQmrb0i5PrmqHIKpa54b5f0iws0wGUf:v/qSamrxDmqoKM4Z0iwtwL

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2664	2024061704.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3996	4c992cbd857db1ad8be9c465ebe52900_NeikiAnalytics.exe
2664	2024061704.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 2664	3996	4c992cbd857db1ad8be9c465ebe52900_NeikiAnalytics.exe	87
PID 3996 wrote to memory of 2664	3996	4c992cbd857db1ad8be9c465ebe52900_NeikiAnalytics.exe	87
PID 3996 wrote to memory of 2664	3996	4c992cbd857db1ad8be9c465ebe52900_NeikiAnalytics.exe	87
PID 3996 wrote to memory of 4948	3996	4c992cbd857db1ad8be9c465ebe52900_NeikiAnalytics.exe	89
PID 3996 wrote to memory of 4948	3996	4c992cbd857db1ad8be9c465ebe52900_NeikiAnalytics.exe	89
PID 3996 wrote to memory of 4948	3996	4c992cbd857db1ad8be9c465ebe52900_NeikiAnalytics.exe	89

C:\Users\Admin\AppData\Local\Temp\4c992cbd857db1ad8be9c465ebe52900_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4c992cbd857db1ad8be9c465ebe52900_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Users\Admin\AppData\Local\Temp\2024061704.exe
  C:\Users\Admin\AppData\Local\Temp\2024061704.exe down
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2664
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\del.bat
  2⤵
  PID:4948

C:\Users\Admin\AppData\Local\Temp\2024061704.exe

Filesize
29KB

MD5
27d4ab2b29ce8a3823aa100e2c74c1f7

SHA1
eb1a68139da1d1ad06608bc9925236551eb38950

SHA256
1157d150eb6a25a2f021f4184d756dd03655b7c614d57184e626045fa7280491

SHA512
d80ce22e5cbc99a3486a62393df4d3e29d720fdc8e1a6252d1a7657bd235dca855eff03a149c4c7a02a9842e989eabd94808738e74625943a918bd9ea99f5761

Download Submit
C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
216B

MD5
ef06edbefdcf82719fefbafa856a4fcd

SHA1
8849c725c8ebe784603cdd55377c1cbe0d699bdf

SHA256
04ebfa2937d5eee5e9dd91804218597efde400a45b46620e11ca15e431220cdb

SHA512
1380b05d0f258e7bf3aa09ecaed7218d478c6f04d4108fdb6f21805370052e80b11d65c8e64b75cecaf176dbdfd1068343bc87d15a291fb4ebbe2a5db781cc88

Download Submit
memory/2664-14-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download