8154c53231d6b387a905039f5fa2c42d0603d54a14b2ff41a0083ed7dcae0281

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 04:24

Target

8154c53231d6b387a905039f5fa2c42d0603d54a14b2ff41a0083ed7dcae0281_NeikiAnalytics.exe
Size

79KB
MD5

11e24868cd4b508e8a1e64aff98353c0
SHA1

ce411fa3b6356169b05a4152080b9d91a3cdcafa
SHA256

8154c53231d6b387a905039f5fa2c42d0603d54a14b2ff41a0083ed7dcae0281
SHA512

15afba0c16966e5c783a4902f8065d319f8e7993f75abc42daa5dff00e33d59d02699972a1795e1dc941383f9173f809b7e9481a91be51fe9561127280ba2878
SSDEEP

1536:zvi6fOCF3W1OQA8AkqUhMb2nuy5wgIP0CSJ+5ydB8GMGlZ5G:zvbfisGdqU7uy5w9WMydN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3220	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 3444	4476	8154c53231d6b387a905039f5fa2c42d0603d54a14b2ff41a0083ed7dcae0281_NeikiAnalytics.exe	82
PID 4476 wrote to memory of 3444	4476	8154c53231d6b387a905039f5fa2c42d0603d54a14b2ff41a0083ed7dcae0281_NeikiAnalytics.exe	82
PID 4476 wrote to memory of 3444	4476	8154c53231d6b387a905039f5fa2c42d0603d54a14b2ff41a0083ed7dcae0281_NeikiAnalytics.exe	82
PID 3444 wrote to memory of 3220	3444	cmd.exe	83
PID 3444 wrote to memory of 3220	3444	cmd.exe	83
PID 3444 wrote to memory of 3220	3444	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\8154c53231d6b387a905039f5fa2c42d0603d54a14b2ff41a0083ed7dcae0281_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8154c53231d6b387a905039f5fa2c42d0603d54a14b2ff41a0083ed7dcae0281_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3444
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3220

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
004ad8cf10441f90c30f4827717c9dae

SHA1
40e96cd8d85c313d827f46d6cd661448b39d81c7

SHA256
5c283344d357eea1992f8bd7f7f6511b89fa2fb861db07470cda8440b38da9cd

SHA512
478a0c41049e323c72c1c5b07bc2bbb5ac0aa20e27bad237c0d349fa10d96bf5f59c65329d6dc85fd1a189e2441301bb29ba8cdb167721ad3e64f6c29fc9ac5c

Download Submit
memory/3220-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4476-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download