a5c6fda42d193f13797af6a2d3f3e7376f0ddcabf54398e9c551bde4d63cde31

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 14:07

Target

54c1bf8289620fe8142b2853fc98c720_NeikiAnalytics.exe
Size

79KB
MD5

54c1bf8289620fe8142b2853fc98c720
SHA1

74fe79f67a72c4d08eccc4ea6b2c1b76d5c8802d
SHA256

a5c6fda42d193f13797af6a2d3f3e7376f0ddcabf54398e9c551bde4d63cde31
SHA512

a478a21caf9fb10c5a6b428cfc5e94a7a9bdfbc74e2bb0fd15cd2a4e82911ef8f35f20f61048608841bc4bbce63ba568a90f02bc8906237ecd1da3c3768dc349
SSDEEP

1536:zvmha5/AT2nmBaWOQA8AkqUhMb2nuy5wgIP0CSJ+5yMfB8GMGlZ5G:zvmhu+2nBzGdqU7uy5w9WMy0N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2224	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2372	cmd.exe
2372	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2372	2200	54c1bf8289620fe8142b2853fc98c720_NeikiAnalytics.exe	29
PID 2200 wrote to memory of 2372	2200	54c1bf8289620fe8142b2853fc98c720_NeikiAnalytics.exe	29
PID 2200 wrote to memory of 2372	2200	54c1bf8289620fe8142b2853fc98c720_NeikiAnalytics.exe	29
PID 2200 wrote to memory of 2372	2200	54c1bf8289620fe8142b2853fc98c720_NeikiAnalytics.exe	29
PID 2372 wrote to memory of 2224	2372	cmd.exe	30
PID 2372 wrote to memory of 2224	2372	cmd.exe	30
PID 2372 wrote to memory of 2224	2372	cmd.exe	30
PID 2372 wrote to memory of 2224	2372	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\54c1bf8289620fe8142b2853fc98c720_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\54c1bf8289620fe8142b2853fc98c720_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2372
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2224

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e7eb8dc81bc678b3d5c6d6c64b7fcfa6

SHA1
6496df39a7e79f4763aab524f21459da63f3d9da

SHA256
3949b1039219643a19ba262769a4b276a66e71f5b616ba9486b0e4582c047a01

SHA512
970d041293b3c4400d99b228b6c6bf849689ecf55c263231bae457f03034ff8a178643c3e806426f077128868037650c78eaca6d813564a317019ce68240fc15

Download Submit
memory/2200-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2224-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download