99830d19c0d1d08b8fa9c6e181ce26a2c115bf2d781789c0fb67f8383f700bcf

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 21:20

Target

001218b9dbc463cd6564bebec3c574f0_NeikiAnalytics.exe
Size

79KB
MD5

001218b9dbc463cd6564bebec3c574f0
SHA1

ad512ff213bb081653c5a773a947b266798960c5
SHA256

99830d19c0d1d08b8fa9c6e181ce26a2c115bf2d781789c0fb67f8383f700bcf
SHA512

be05f8131a48df398f7f73793293cd45196c8cf577a8cbe90363753c2f7a162f1433232542de19200aa8e93147cb2d985c9fa4b044dbff8a27665312d482b544
SSDEEP

1536:zvXObzfMmFJA4r0BOQA8AkqUhMb2nuy5wgIP0CSJ+5yzB8GMGlZ5G:zvXOnkmw4rdGdqU7uy5w9WMyzN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1724	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1744	cmd.exe
1744	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 1744	2932	001218b9dbc463cd6564bebec3c574f0_NeikiAnalytics.exe	29
PID 2932 wrote to memory of 1744	2932	001218b9dbc463cd6564bebec3c574f0_NeikiAnalytics.exe	29
PID 2932 wrote to memory of 1744	2932	001218b9dbc463cd6564bebec3c574f0_NeikiAnalytics.exe	29
PID 2932 wrote to memory of 1744	2932	001218b9dbc463cd6564bebec3c574f0_NeikiAnalytics.exe	29
PID 1744 wrote to memory of 1724	1744	cmd.exe	30
PID 1744 wrote to memory of 1724	1744	cmd.exe	30
PID 1744 wrote to memory of 1724	1744	cmd.exe	30
PID 1744 wrote to memory of 1724	1744	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\001218b9dbc463cd6564bebec3c574f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\001218b9dbc463cd6564bebec3c574f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1744
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1724

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
933f9f96100529e2249eab858af331d4

SHA1
28d5a813e00f628be47daaf189bacba79875ec7e

SHA256
16bb9ccc82adb6b3427efcecca77d99814ef875188b8f5c4e9151e8add0b821c

SHA512
c3169027c570a89e051f354ab54441272db96ddd51bb4cf91e8f6b6aa48d0bd17b15f374b0ec436cd60a222a66acce908db8a377d3e4e0a2111d14713336c1b3

Download Submit
memory/1724-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2932-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download