445fc899207d2f7e4a555469f07f562603d1769a10f37a7f55d594f85a408dfd

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 00:14

Target

29b46482b74471d0d9f125fd88a80930_NeikiAnalytics.exe
Size

79KB
MD5

29b46482b74471d0d9f125fd88a80930
SHA1

48cd899e1732b2ede635a4b76345655fb94b551a
SHA256

445fc899207d2f7e4a555469f07f562603d1769a10f37a7f55d594f85a408dfd
SHA512

5b5cd789ac68c7882f07fec9a43e20e76656e6d9881792130c2679ecfc7579a4ca6600d29de627df7a1d8252f6efbe388e2f9ebf42a92cf09366a632f047ff2c
SSDEEP

1536:zvK8wXOsol+f9OQA8AkqUhMb2nuy5wgIP0CSJ+5yRB8GMGlZ5G:zvKfNoQMGdqU7uy5w9WMyRN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2360	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2340	cmd.exe
2340	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 2340	1520	29b46482b74471d0d9f125fd88a80930_NeikiAnalytics.exe	29
PID 1520 wrote to memory of 2340	1520	29b46482b74471d0d9f125fd88a80930_NeikiAnalytics.exe	29
PID 1520 wrote to memory of 2340	1520	29b46482b74471d0d9f125fd88a80930_NeikiAnalytics.exe	29
PID 1520 wrote to memory of 2340	1520	29b46482b74471d0d9f125fd88a80930_NeikiAnalytics.exe	29
PID 2340 wrote to memory of 2360	2340	cmd.exe	30
PID 2340 wrote to memory of 2360	2340	cmd.exe	30
PID 2340 wrote to memory of 2360	2340	cmd.exe	30
PID 2340 wrote to memory of 2360	2340	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\29b46482b74471d0d9f125fd88a80930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\29b46482b74471d0d9f125fd88a80930_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2340
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2360

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c3b55517019361c5b33065fb0589adf1

SHA1
c45befb1c77a55e37e25ab1998ccda16c61bef24

SHA256
1bc25bdb71b29e010c91fb11c2e63b0ee161beab46a44ecfb44f14c8ccf731de

SHA512
622f54b02ffde7f6fcacc77e935f14af2dfe555417267909117f1e11426d6da938bcde211429d00b325de735529f90f8bc1627d2c72a69fea6b77d4ea1aada41

Download Submit
memory/1520-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2360-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download