3c6f0ddad1f9865839e69c979b7e1db5c1ac93facf24ddbed950317ed671bb2c

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 06:45

Target

3c6f0ddad1f9865839e69c979b7e1db5c1ac93facf24ddbed950317ed671bb2c_NeikiAnalytics.exe
Size

79KB
MD5

fe309b8c9551f72955e1e3238c60aae0
SHA1

455dcbd0fc116581e7a1b95e8a80e780554c78c3
SHA256

3c6f0ddad1f9865839e69c979b7e1db5c1ac93facf24ddbed950317ed671bb2c
SHA512

a47691d94f746d56447499e569c59467f6c9216d4ffe608569f1e13c32f1bf3b69257f294fb7ee2d47677bb66071aa84a4b7ed464add2af15516422bbeba63a2
SSDEEP

1536:zvnlYURAuvQFRyOQA8AkqUhMb2nuy5wgIP0CSJ+5y3B8GMGlZ5G:zv7+fF9GdqU7uy5w9WMy3N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3784	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 2004	5060	3c6f0ddad1f9865839e69c979b7e1db5c1ac93facf24ddbed950317ed671bb2c_NeikiAnalytics.exe	82
PID 5060 wrote to memory of 2004	5060	3c6f0ddad1f9865839e69c979b7e1db5c1ac93facf24ddbed950317ed671bb2c_NeikiAnalytics.exe	82
PID 5060 wrote to memory of 2004	5060	3c6f0ddad1f9865839e69c979b7e1db5c1ac93facf24ddbed950317ed671bb2c_NeikiAnalytics.exe	82
PID 2004 wrote to memory of 3784	2004	cmd.exe	83
PID 2004 wrote to memory of 3784	2004	cmd.exe	83
PID 2004 wrote to memory of 3784	2004	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\3c6f0ddad1f9865839e69c979b7e1db5c1ac93facf24ddbed950317ed671bb2c_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3c6f0ddad1f9865839e69c979b7e1db5c1ac93facf24ddbed950317ed671bb2c_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3784

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4a4086e3471c270b4d5fac5b57418538

SHA1
6ff9bcd6d76d3f5cdf32737fd150437a25b94a70

SHA256
7a340ecae559436a819f7519c9b2f58dd7b48ba14c766b5a76652366f39946d5

SHA512
1a724de8f9161111816994bcea6062765bd9314956551dbf29a9779460afb4afcf6f90b283eb0b1cb7e9eff23380949145185ae055ac215a4afdef708916913b

Download Submit
memory/3784-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5060-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download