4868a82ea14efdb0fc63234d4f641389f56f9d2918050e229a1c9c31396b6456

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 01:05

Target

36d0971c4116e4cf8f071d70b0f49730_NeikiAnalytics.exe
Size

79KB
MD5

36d0971c4116e4cf8f071d70b0f49730
SHA1

4b6f3d4f559e0bc78df889d16cb6d169e6940911
SHA256

4868a82ea14efdb0fc63234d4f641389f56f9d2918050e229a1c9c31396b6456
SHA512

f49e3e25883eea6cf21f8b0ac86c9c61b177ac3e057aaa3eb194f20b1df5c91220672c108ebdd3d709c9143f4687c0e2aacab3f15d5489d9f11c7e8b0abef778
SSDEEP

1536:zv9JlQP/CngmOQA8AkqUhMb2nuy5wgIP0CSJ+5ydB8GMGlZ5G:zv/SqgjGdqU7uy5w9WMydN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2984	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1032	cmd.exe
1032	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 1032	2392	36d0971c4116e4cf8f071d70b0f49730_NeikiAnalytics.exe	29
PID 2392 wrote to memory of 1032	2392	36d0971c4116e4cf8f071d70b0f49730_NeikiAnalytics.exe	29
PID 2392 wrote to memory of 1032	2392	36d0971c4116e4cf8f071d70b0f49730_NeikiAnalytics.exe	29
PID 2392 wrote to memory of 1032	2392	36d0971c4116e4cf8f071d70b0f49730_NeikiAnalytics.exe	29
PID 1032 wrote to memory of 2984	1032	cmd.exe	30
PID 1032 wrote to memory of 2984	1032	cmd.exe	30
PID 1032 wrote to memory of 2984	1032	cmd.exe	30
PID 1032 wrote to memory of 2984	1032	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\36d0971c4116e4cf8f071d70b0f49730_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\36d0971c4116e4cf8f071d70b0f49730_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1032
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2984

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5b28e28bab1591039db60fce563f256b

SHA1
26627e94c8a4f0abf4d60841a4ad032c23a571db

SHA256
a8e10483a20a7460e72c0870fd7afed1094cb7836bcd9cd686f8b132f77f5840

SHA512
22c6d4b66fe3c10cbbebea1a7fc1dade27c2e5c82d5e39cda3b5ac86899959413b58a6697514146bd760a265fe7375699e28aab0f8e811e20f5e4f13ee9b179e

Download Submit
memory/2392-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2984-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download