2affe7820604869623b63e53502a49d62eb490799d3e73e811f09551d3f49765

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 01:26

Target

2affe7820604869623b63e53502a49d62eb490799d3e73e811f09551d3f49765_NeikiAnalytics.exe
Size

79KB
MD5

be6f8530cacfcb4293dbbd3c085f5070
SHA1

14c1304562d1e2b2c41317de03e7e81ca4ad0055
SHA256

2affe7820604869623b63e53502a49d62eb490799d3e73e811f09551d3f49765
SHA512

ef31cae3bfb9bfa04a50eacda3eb8888c85674eaba65fac0d616978227cc63df4e0dad3e947b2d1a265a3474898acd9f92f0c6e017c7568ada7a952161059384
SSDEEP

1536:zvIqTisupYrVjLZhkpkxOQA8AkqUhMb2nuy5wgIP0CSJ+5yGB8GMGlZ5G:zvIqJxLnsGdqU7uy5w9WMyGN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2872	[email protected]

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1184	2016	2affe7820604869623b63e53502a49d62eb490799d3e73e811f09551d3f49765_NeikiAnalytics.exe	82
PID 2016 wrote to memory of 1184	2016	2affe7820604869623b63e53502a49d62eb490799d3e73e811f09551d3f49765_NeikiAnalytics.exe	82
PID 2016 wrote to memory of 1184	2016	2affe7820604869623b63e53502a49d62eb490799d3e73e811f09551d3f49765_NeikiAnalytics.exe	82
PID 1184 wrote to memory of 2872	1184	cmd.exe	83
PID 1184 wrote to memory of 2872	1184	cmd.exe	83
PID 1184 wrote to memory of 2872	1184	cmd.exe	83

C:\Users\Admin\AppData\Local\Temp\2affe7820604869623b63e53502a49d62eb490799d3e73e811f09551d3f49765_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2affe7820604869623b63e53502a49d62eb490799d3e73e811f09551d3f49765_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1184
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2872

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4c462dfb393b170cbb8b8a6a53580c91

SHA1
4d193991a3e12d519f464d9cb39e86b40a250da4

SHA256
52873ab0cab278e0d4d85a74f569e3de3afd433f3c8e265a5f1158d7d0f4dccd

SHA512
b472bde52da3af9ef22a2e69f957b95f19422386f4b1b3a5c8a4ddbf1782649d1ca8a55f4cf716f26fbedb638735498258017a31be2de7f38227a97750b39508

Download Submit
memory/2016-6-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2872-5-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download