6b1698aade5d822812c4f3d5df054a85b1deb2396f51afc21c894c215bb403a8

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 00:35

Target

2f14d9dd7f324205f70dfb7d2f124f70_NeikiAnalytics.exe
Size

79KB
MD5

2f14d9dd7f324205f70dfb7d2f124f70
SHA1

bafe3d5bb8f947758b692cf93ca37761fa7f2ebe
SHA256

6b1698aade5d822812c4f3d5df054a85b1deb2396f51afc21c894c215bb403a8
SHA512

87d466a1ed99d1dd6a9655e5fb03af311caeade088e17fe6725f90f97b3cbdce4b79f78ec12feae765061fbe54ae8929f3b6eff3fba75c498568792ef9627c98
SSDEEP

1536:zvYP9EPgBWhAOQA8AkqUhMb2nuy5wgIP0CSJ+5yBB8GMGlZ5G:zv091B0GdqU7uy5w9WMyBN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2456	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1016	cmd.exe
1016	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1016	3056	2f14d9dd7f324205f70dfb7d2f124f70_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1016	3056	2f14d9dd7f324205f70dfb7d2f124f70_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1016	3056	2f14d9dd7f324205f70dfb7d2f124f70_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1016	3056	2f14d9dd7f324205f70dfb7d2f124f70_NeikiAnalytics.exe	29
PID 1016 wrote to memory of 2456	1016	cmd.exe	30
PID 1016 wrote to memory of 2456	1016	cmd.exe	30
PID 1016 wrote to memory of 2456	1016	cmd.exe	30
PID 1016 wrote to memory of 2456	1016	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\2f14d9dd7f324205f70dfb7d2f124f70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2f14d9dd7f324205f70dfb7d2f124f70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1016
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2456

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ef4b7eabcaec376a47beffe69e416bc5

SHA1
0a88b813e87ef470111c829e65f0176372a094e8

SHA256
910c074aa218d341d3b4f4f73c29b58e7f065e9f7b605965189e8a667947bcf4

SHA512
2bf5061dcf5a4fcd82a74313565528b75226aae24c817e1c11aeeebd126fa917509ca056bc2aeca8ac5d9a06e276ce83a869aaf63fc2d93d9349c426bdeef1f5

Download Submit
memory/2456-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3056-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download