36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1

Analysis

max time kernel
41s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:44

Target

36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1_NeikiAnalytics.exe
Size

73KB
MD5

332ab99c0007a221dee532195c042500
SHA1

26a533eac8c79fe31cfc8d044c7b3fc0cb9ae959
SHA256

36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1
SHA512

da7def01ed59c2e8a6f5820ffea263fa5e489bbf00720bac2ccc5fb7d94a741154820634874ddce7ac8a4829196388c8267bcf8091a2bfb8c19b2639f69fb00b
SSDEEP

1536:hbbhvDD8qtK5QPqfhVWbdsmA+RjPFLC+e5hcy0ZGUGf2g:h57LNPqfcxA+HFshxOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
4696	[email protected]

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 860	4548	36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1_NeikiAnalytics.exe	82
PID 4548 wrote to memory of 860	4548	36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1_NeikiAnalytics.exe	82
PID 4548 wrote to memory of 860	4548	36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1_NeikiAnalytics.exe	82
PID 860 wrote to memory of 4696	860	cmd.exe	83
PID 860 wrote to memory of 4696	860	cmd.exe	83
PID 860 wrote to memory of 4696	860	cmd.exe	83
PID 4696 wrote to memory of 1876	4696	[email protected]	84
PID 4696 wrote to memory of 1876	4696	[email protected]	84
PID 4696 wrote to memory of 1876	4696	[email protected]	84

C:\Users\Admin\AppData\Local\Temp\36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:860
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4696
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:1876

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
3a62ed71ae6f53ee2207a75363833bdd

SHA1
4dac5dac2a18d7ca949ec4478299c0824c83176f

SHA256
2022772299da29ebdabd81e6ee0bfaaff704d2c8610ef75651c78da385a37966

SHA512
c8ca3a57bbd3a1ce9b1b059f36767465c1e8bf886bd51c26f17a3b23c860a3f2661b7ad72385235eebdf59b925ce8c00362c174d538d085616411451f9bbfbc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\00.exe

Filesize
2KB

MD5
7b621943a35e7f39cf89f50cc48d7b94

SHA1
2858a28cf60f38025fffcd0ba2ecfec8511c197d

SHA256
bef04c2f89dc115ce2763558933dba1767bf30cda6856d335ae68955923f9991

SHA512
4169e664ad4e7e6891a05ceed78465e0ec44879b37fc0de97c014945e10c161f6bfb040efc24edc136e69bb115b2a1327b04cefb58141f712da856129872e8f1

Download Submit
memory/4548-8-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4696-7-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download