35ac2e7e952c83ce77cbddc3f2b205dc4966a5790f1c11b302cff02301044e30

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 03:39

Target

603a96f9264f1e612a4d787432f96f40_NeikiAnalytics.exe
Size

79KB
MD5

603a96f9264f1e612a4d787432f96f40
SHA1

76cb7550831df03528a99b13323dc4e0896a1b49
SHA256

35ac2e7e952c83ce77cbddc3f2b205dc4966a5790f1c11b302cff02301044e30
SHA512

4eb1cac145caa3419c98071492e03c8ab28b9714db5102f1f6268d9e029884ced977176c71a9a1b822fdec778c43ee3233fa7a2ca601f2c8db62eb11f1b76e16
SSDEEP

1536:zvB/Svt0YimPbTPH09EEOQA8AkqUhMb2nuy5wgIP0CSJ+5yBOB8GMGlZ5G:zvBItbiM7U9EhGdqU7uy5w9WMyBON5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2400	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2412	cmd.exe
2412	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2412	2848	603a96f9264f1e612a4d787432f96f40_NeikiAnalytics.exe	29
PID 2848 wrote to memory of 2412	2848	603a96f9264f1e612a4d787432f96f40_NeikiAnalytics.exe	29
PID 2848 wrote to memory of 2412	2848	603a96f9264f1e612a4d787432f96f40_NeikiAnalytics.exe	29
PID 2848 wrote to memory of 2412	2848	603a96f9264f1e612a4d787432f96f40_NeikiAnalytics.exe	29
PID 2412 wrote to memory of 2400	2412	cmd.exe	30
PID 2412 wrote to memory of 2400	2412	cmd.exe	30
PID 2412 wrote to memory of 2400	2412	cmd.exe	30
PID 2412 wrote to memory of 2400	2412	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\603a96f9264f1e612a4d787432f96f40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\603a96f9264f1e612a4d787432f96f40_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2400

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
76f2d5ac2968f71381b1fc0a9bdcc723

SHA1
5800e545d3d62298767dc0e88fecb3e911117fcf

SHA256
080a0d1fae4b8a9ce1fc12e33fd76de7352690a0bf0a5e27652b58a6fcb5a0ee

SHA512
c459edda064c6c787dc20ade39b2a0c88807c15c794fbf6d8efa96e00336ab8ad5cc8e00a0c1abf11b494d7ba39eba5e4b49d0f34fb6edf06ccdbc3e9ba06beb

Download Submit
memory/2400-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2848-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download