cc264f685e7682c9eba0d7da3fbc4c3a199f9c4082c68d756b64704c63278c94

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 22:18

Target

0dda00712e74bbf0c8101544f9153dd0_NeikiAnalytics.exe
Size

79KB
MD5

0dda00712e74bbf0c8101544f9153dd0
SHA1

d525df48924a7570421e2fd8a97538106ffd3b81
SHA256

cc264f685e7682c9eba0d7da3fbc4c3a199f9c4082c68d756b64704c63278c94
SHA512

13177dabe00fa1d877cc94b8ec571c11f246812b7a9965c340ab8dab143146fca0854f42db7e53af901164c39cba8ccf00eb0d068ba38dd1fb6c055852cbb118
SSDEEP

1536:zvKe+jx+KPqU42NOQA8AkqUhMb2nuy5wgIP0CSJ+5yJB8GMGlZ5G:zvz00uqU42UGdqU7uy5w9WMyJN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1220	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1804	cmd.exe
1804	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 1804	2120	0dda00712e74bbf0c8101544f9153dd0_NeikiAnalytics.exe	29
PID 2120 wrote to memory of 1804	2120	0dda00712e74bbf0c8101544f9153dd0_NeikiAnalytics.exe	29
PID 2120 wrote to memory of 1804	2120	0dda00712e74bbf0c8101544f9153dd0_NeikiAnalytics.exe	29
PID 2120 wrote to memory of 1804	2120	0dda00712e74bbf0c8101544f9153dd0_NeikiAnalytics.exe	29
PID 1804 wrote to memory of 1220	1804	cmd.exe	30
PID 1804 wrote to memory of 1220	1804	cmd.exe	30
PID 1804 wrote to memory of 1220	1804	cmd.exe	30
PID 1804 wrote to memory of 1220	1804	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\0dda00712e74bbf0c8101544f9153dd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0dda00712e74bbf0c8101544f9153dd0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1804
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1220

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
9370d49c934ac7230cf933d42b79b1cc

SHA1
b293bcff3b8d0249a9a40eefdec5e3ac7a8c9ebc

SHA256
df5dc9d3a3db46a2c535c9de604b44c3269814dfc3fe234663494b708130bb94

SHA512
b00a020669390a4e7ebb6c76a7b0bcbd19411f10a464d4945b80ac103a44b60fc6e64bbc6cdbf34525359b32f93022374dd990165372c80ab74b58d7a505d081

Download Submit
memory/1220-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2120-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download