707d427a7ad3f0fcc269fbf03141ef06cda0746a497da96df061a248105906e1

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 00:33

Target

2e9468c8459cdcedb492789a36c90e70_NeikiAnalytics.exe
Size

79KB
MD5

2e9468c8459cdcedb492789a36c90e70
SHA1

69b2a8e20aaf7114d91a77907345bfa172302787
SHA256

707d427a7ad3f0fcc269fbf03141ef06cda0746a497da96df061a248105906e1
SHA512

0f8d74fca610fbbc7447c6adef232c7cca60086f4069e1b9b296d565de25433f629982801720d1d535ac7bb16ee624d69fc372b7a92c1d5e892847411156bef3
SSDEEP

1536:zv3yCHpuHMR5KOQA8AkqUhMb2nuy5wgIP0CSJ+5yhB8GMGlZ5G:zvi0uHM3/GdqU7uy5w9WMyhN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1880	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1648	cmd.exe
1648	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 1648	2084	2e9468c8459cdcedb492789a36c90e70_NeikiAnalytics.exe	29
PID 2084 wrote to memory of 1648	2084	2e9468c8459cdcedb492789a36c90e70_NeikiAnalytics.exe	29
PID 2084 wrote to memory of 1648	2084	2e9468c8459cdcedb492789a36c90e70_NeikiAnalytics.exe	29
PID 2084 wrote to memory of 1648	2084	2e9468c8459cdcedb492789a36c90e70_NeikiAnalytics.exe	29
PID 1648 wrote to memory of 1880	1648	cmd.exe	30
PID 1648 wrote to memory of 1880	1648	cmd.exe	30
PID 1648 wrote to memory of 1880	1648	cmd.exe	30
PID 1648 wrote to memory of 1880	1648	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\2e9468c8459cdcedb492789a36c90e70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2e9468c8459cdcedb492789a36c90e70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1648
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1880

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ac52eed606175d673d49ca8a6497f5e5

SHA1
2ba89aa1889f4efaa151ef621419e8c4fb54c279

SHA256
2fdfbedb0a4c9533c9b887d137c6606e2f768b57e4b49270e2efd23e396f67f8

SHA512
ed1185ec45e4f286b9543e9eaa11933947ce9e0f4ac6db1d245ff5d9bf3c20390264d5ba1a68d3dcdbb47574ee17046f6cc1e5c50e683a7058c50087923d9206

Download Submit
memory/1880-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2084-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download