55929bc65254af08b4ef0fca5bcd9618fb5043576b601b166411bbd03dc3fbb4

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 23:40

Target

21e754c7269e173cd4bccf84facbcd60_NeikiAnalytics.exe
Size

79KB
MD5

21e754c7269e173cd4bccf84facbcd60
SHA1

b399b179379e7d58ac3a6319a91ae252550b05a8
SHA256

55929bc65254af08b4ef0fca5bcd9618fb5043576b601b166411bbd03dc3fbb4
SHA512

285c73b0295d9ca036d9f89c50dd8f9288fed56a17f13171a647992092589e4dccb32a0552012afc30ed1b2dd390bb6b5100868377d2098a704ef52c4f5e048d
SSDEEP

1536:zvfgmvxviO49KlQ5OQA8AkqUhMb2nuy5wgIP0CSJ+5yxB8GMGlZ5G:zvfp9iOAKlLGdqU7uy5w9WMyxN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2912	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2196	cmd.exe
2196	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2196	1996	21e754c7269e173cd4bccf84facbcd60_NeikiAnalytics.exe	29
PID 1996 wrote to memory of 2196	1996	21e754c7269e173cd4bccf84facbcd60_NeikiAnalytics.exe	29
PID 1996 wrote to memory of 2196	1996	21e754c7269e173cd4bccf84facbcd60_NeikiAnalytics.exe	29
PID 1996 wrote to memory of 2196	1996	21e754c7269e173cd4bccf84facbcd60_NeikiAnalytics.exe	29
PID 2196 wrote to memory of 2912	2196	cmd.exe	30
PID 2196 wrote to memory of 2912	2196	cmd.exe	30
PID 2196 wrote to memory of 2912	2196	cmd.exe	30
PID 2196 wrote to memory of 2912	2196	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\21e754c7269e173cd4bccf84facbcd60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\21e754c7269e173cd4bccf84facbcd60_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2912

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
b0e45154f421bd9db49c0647b8b7e2b8

SHA1
406f4ce09a1fb4e6895946135b0a3966af60cdfb

SHA256
8b0a8c78ec47548bf0d249f0779d588d74abdbff3554955bd53ac42d74f89882

SHA512
d85bac17696da40c992b446b0a645d196b818ff4fbf9b98280badc67cdce50ae5ddb16671fdb873fc06dcedd16d706daab86ae8278c5f2707258de6752a68fe8

Download Submit
memory/1996-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2912-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download