fccbee171977d266d8142a08e6df6cf1cb7ca44a74d236ab67ddebed2a3c7ef2

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 21:53

Target

07e02ffcb3c9f167eecc9d59ff9687f0_NeikiAnalytics.exe
Size

79KB
MD5

07e02ffcb3c9f167eecc9d59ff9687f0
SHA1

8cc2e89a426fe30bb45f992be951eb1878359c81
SHA256

fccbee171977d266d8142a08e6df6cf1cb7ca44a74d236ab67ddebed2a3c7ef2
SHA512

5b80e8261500b859840a6d59115b5394873de970c14cf08dd5946a578068bb02eb20614ddb580d29a5b50831d6eb09c04dffbe395114c3a818781c36847145cf
SSDEEP

1536:zvI/UIvqd/7oYvzsYaKOQA8AkqUhMb2nuy5wgIP0CSJ+5y4K1B8GMGlZ5G:zvIZqdDNsYa/GdqU7uy5w9WMy4K1N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2344	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2976	cmd.exe
2976	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2976	2868	07e02ffcb3c9f167eecc9d59ff9687f0_NeikiAnalytics.exe	29
PID 2868 wrote to memory of 2976	2868	07e02ffcb3c9f167eecc9d59ff9687f0_NeikiAnalytics.exe	29
PID 2868 wrote to memory of 2976	2868	07e02ffcb3c9f167eecc9d59ff9687f0_NeikiAnalytics.exe	29
PID 2868 wrote to memory of 2976	2868	07e02ffcb3c9f167eecc9d59ff9687f0_NeikiAnalytics.exe	29
PID 2976 wrote to memory of 2344	2976	cmd.exe	30
PID 2976 wrote to memory of 2344	2976	cmd.exe	30
PID 2976 wrote to memory of 2344	2976	cmd.exe	30
PID 2976 wrote to memory of 2344	2976	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\07e02ffcb3c9f167eecc9d59ff9687f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\07e02ffcb3c9f167eecc9d59ff9687f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2344

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c28e396f4e0c1cce90a7bd2f2678fd13

SHA1
5eff3cfce1a4f607a03b44f60f2c9978f14c14af

SHA256
300f142c305b2a5228b1e0b62bb6ed064a465fc0bf42027a4255f6578c23bd24

SHA512
94ec8212bbc7dd016a92b2f3f1b1a39a21109ebc7efc0a5f47c5bbf47631de3c5f135c3ff3022bc0f0313dfb891cd9980dabec5d329f738bf680d9a81a80bf37

Download Submit
memory/2344-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2868-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download