b243a9016b65a8e85db7e475ef08c6f07019c7a3562dcc58ea7ab29669dbe414

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 03:34

Target

5f0e9d6d83f2f67c1fdfdafae1bef5c0_NeikiAnalytics.exe
Size

79KB
MD5

5f0e9d6d83f2f67c1fdfdafae1bef5c0
SHA1

571d076e2cbbb59befadeaf4a89b8280812ffece
SHA256

b243a9016b65a8e85db7e475ef08c6f07019c7a3562dcc58ea7ab29669dbe414
SHA512

9f023a9227499b6f6dc49e8dda60930487362a6a09aa9700b343ec58e8cccd5e2ffd22c37532af1e6e22124bb99c7a4f1be77261fd0896853959d3e70bb6da85
SSDEEP

1536:zvuE77Aou+e+OQA8AkqUhMb2nuy5wgIP0CSJ+5y4B8GMGlZ5G:zvuE7c+MGdqU7uy5w9WMy4N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2872	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2224	cmd.exe
2224	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2224	1664	5f0e9d6d83f2f67c1fdfdafae1bef5c0_NeikiAnalytics.exe	29
PID 1664 wrote to memory of 2224	1664	5f0e9d6d83f2f67c1fdfdafae1bef5c0_NeikiAnalytics.exe	29
PID 1664 wrote to memory of 2224	1664	5f0e9d6d83f2f67c1fdfdafae1bef5c0_NeikiAnalytics.exe	29
PID 1664 wrote to memory of 2224	1664	5f0e9d6d83f2f67c1fdfdafae1bef5c0_NeikiAnalytics.exe	29
PID 2224 wrote to memory of 2872	2224	cmd.exe	30
PID 2224 wrote to memory of 2872	2224	cmd.exe	30
PID 2224 wrote to memory of 2872	2224	cmd.exe	30
PID 2224 wrote to memory of 2872	2224	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\5f0e9d6d83f2f67c1fdfdafae1bef5c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5f0e9d6d83f2f67c1fdfdafae1bef5c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2872

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7379d1ed80ccdd1b8c870a390cd5d203

SHA1
291af76d69c0dbaeb0eef856d2f3e9047f4515b6

SHA256
548711ffeb5765ce050b417bfd285e068a3140181f8be8ed0095869f773d7b61

SHA512
4507f7440adeee020c99fb58e55b482326b9a703f031b6126d2a64642082ff3fafb2803033b4d6c9ee48a5c6f5d4d474f5bbb41f11ba827a6930176c83f0ac9c

Download Submit
memory/1664-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2872-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download