8811bd991ce6be426cafcfba11963999b00ed683bceb1c2dd5b66b106c32f26e

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 02:06

Target

4707875add4a4034fab6ff2ddf78e680_NeikiAnalytics.exe
Size

73KB
MD5

4707875add4a4034fab6ff2ddf78e680
SHA1

9a13d13cf6401b56ff5173209a54abc9e7908c14
SHA256

8811bd991ce6be426cafcfba11963999b00ed683bceb1c2dd5b66b106c32f26e
SHA512

20f739fee67c79e4a88e6940cad87304017e4e7b10191b661b7dc30f8ed589c7301bd1b98671840631c8d9a539bcdee0f58459bcd0c6c880a8725fa1cab705db
SSDEEP

1536:hbFyTX0K27JcCK5QPqfhVWbdsmA+RjPFLC+e5h20ZGUGf2g:h8b0H7JcCNPqfcxA+HFsh2Og

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2100	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2064	cmd.exe
2064	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2064	2936	4707875add4a4034fab6ff2ddf78e680_NeikiAnalytics.exe	30
PID 2936 wrote to memory of 2064	2936	4707875add4a4034fab6ff2ddf78e680_NeikiAnalytics.exe	30
PID 2936 wrote to memory of 2064	2936	4707875add4a4034fab6ff2ddf78e680_NeikiAnalytics.exe	30
PID 2936 wrote to memory of 2064	2936	4707875add4a4034fab6ff2ddf78e680_NeikiAnalytics.exe	30
PID 2064 wrote to memory of 2100	2064	cmd.exe	31
PID 2064 wrote to memory of 2100	2064	cmd.exe	31
PID 2064 wrote to memory of 2100	2064	cmd.exe	31
PID 2064 wrote to memory of 2100	2064	cmd.exe	31
PID 2100 wrote to memory of 2824	2100	[email protected]	32
PID 2100 wrote to memory of 2824	2100	[email protected]	32
PID 2100 wrote to memory of 2824	2100	[email protected]	32
PID 2100 wrote to memory of 2824	2100	[email protected]	32

C:\Users\Admin\AppData\Local\Temp\4707875add4a4034fab6ff2ddf78e680_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4707875add4a4034fab6ff2ddf78e680_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2064
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2100
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2824

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
16a7f7ce1378f5100788c9e69ef451d5

SHA1
955599db8db7d10df677c2f3b366f9a20b3dcace

SHA256
d8df9e9f7dbc1dfb7a89d3af04d1d6fefa97d0beb6b17a85729150b5dfd7bc28

SHA512
fedda0197979387f23dafb2e818df729bb567db1c2dffa913ac8fe48d61bda87f067b3046155aaa3d575d8f874812586edfa43c76deab69473e8e7570c24e15b

Download Submit
memory/2100-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2936-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download