f44dd7eeba83ce2f713816504ef998f0a2722462c8c3f52d6c442d01bdfc47a0

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 00:04

Target

2743d090fb73c9039d4de02a80fbeb30_NeikiAnalytics.exe
Size

79KB
MD5

2743d090fb73c9039d4de02a80fbeb30
SHA1

3a44ddb9353e67335047cf3d020cca32b2b6fd30
SHA256

f44dd7eeba83ce2f713816504ef998f0a2722462c8c3f52d6c442d01bdfc47a0
SHA512

d45b2a7990d2d095beaad17b15f74d3c8071a5ab601a2db9708a833715481db54f4f67f470355c5956e410bde6b5f540b729d086939b3c552da061bd1dd8c8bf
SSDEEP

1536:zv30BogFKXFLUzkNMTOQA8AkqUhMb2nuy5wgIP0CSJ+5yp2B8GMGlZ5G:zv34WUiHGdqU7uy5w9WMyUN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2552	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2784	cmd.exe
2784	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2784	2896	2743d090fb73c9039d4de02a80fbeb30_NeikiAnalytics.exe	29
PID 2896 wrote to memory of 2784	2896	2743d090fb73c9039d4de02a80fbeb30_NeikiAnalytics.exe	29
PID 2896 wrote to memory of 2784	2896	2743d090fb73c9039d4de02a80fbeb30_NeikiAnalytics.exe	29
PID 2896 wrote to memory of 2784	2896	2743d090fb73c9039d4de02a80fbeb30_NeikiAnalytics.exe	29
PID 2784 wrote to memory of 2552	2784	cmd.exe	30
PID 2784 wrote to memory of 2552	2784	cmd.exe	30
PID 2784 wrote to memory of 2552	2784	cmd.exe	30
PID 2784 wrote to memory of 2552	2784	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\2743d090fb73c9039d4de02a80fbeb30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2743d090fb73c9039d4de02a80fbeb30_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2552

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
455d52830930a8e3205bcb2e9feae17e

SHA1
c57a54f003908add2549489e16762e07df350392

SHA256
0425b36a38af5386bd1040a72883ed3fb346be72be2b6b9a8a5b65610a3db4ce

SHA512
ff908a9f6566ea5d53904e4bb6f70d151c1216f639539d909ba936d83a8cb8d0248d7d40e83806025a020adcfefff110f7ca31c064b4825dba11cbef6a61fe08

Download Submit
memory/2552-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2896-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download