3a2ebf5afe0b6c33a36e9bed8b491fbcdf87e5b1b87867f7f804640bfb01b74f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 23:03

Target

190bc55d8b7501b7c3ca523267493fd0_NeikiAnalytics.exe
Size

79KB
MD5

190bc55d8b7501b7c3ca523267493fd0
SHA1

4191995528036953c4930819fb792e1063970dd9
SHA256

3a2ebf5afe0b6c33a36e9bed8b491fbcdf87e5b1b87867f7f804640bfb01b74f
SHA512

f1be2dd773aacdb93beeafd2866d20be8c1a8505a40ffcdecd6fa0694c868b212d58b321fccea45d17283d4dca4e1cd7fa9e634dafec5d9d201b34e4f4e50278
SSDEEP

1536:zvpoooXM5F0qfhj2ipNOQA8AkqUhMb2nuy5wgIP0CSJ+5yEB8GMGlZ5G:zvpoooE062VGdqU7uy5w9WMyEN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1752	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1968	cmd.exe
1968	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1968	2040	190bc55d8b7501b7c3ca523267493fd0_NeikiAnalytics.exe	29
PID 2040 wrote to memory of 1968	2040	190bc55d8b7501b7c3ca523267493fd0_NeikiAnalytics.exe	29
PID 2040 wrote to memory of 1968	2040	190bc55d8b7501b7c3ca523267493fd0_NeikiAnalytics.exe	29
PID 2040 wrote to memory of 1968	2040	190bc55d8b7501b7c3ca523267493fd0_NeikiAnalytics.exe	29
PID 1968 wrote to memory of 1752	1968	cmd.exe	30
PID 1968 wrote to memory of 1752	1968	cmd.exe	30
PID 1968 wrote to memory of 1752	1968	cmd.exe	30
PID 1968 wrote to memory of 1752	1968	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\190bc55d8b7501b7c3ca523267493fd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\190bc55d8b7501b7c3ca523267493fd0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1968
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1752

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c8f3b25fe8352ba68c7ad8c40546ab6a

SHA1
30257a059d47fc8c259336946c797c7aedf71945

SHA256
99d9371afd47151a3d25515ddf6bf0c95064772d83d4adc837838312bfc927a5

SHA512
d79a70d41ff9b364ae98d0c59c51ec8b9dc7dad04ecd82c50fd493c8026b94feeaa0e334d5965d82e905658ce1f042cdacdb38a332f30ee0c9dc7c6da1c10b2e

Download Submit
memory/1752-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2040-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download