92b5d25c186b8fb6b7f891d80f3f4e4def99d1fd1e9b32ee2d3f1f15529a05bc

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 03:43

Target

6138e0cb702eb1a82631db2144946500_NeikiAnalytics.exe
Size

79KB
MD5

6138e0cb702eb1a82631db2144946500
SHA1

450a05a772d9101f6cd39cc24ff3cd6436f94842
SHA256

92b5d25c186b8fb6b7f891d80f3f4e4def99d1fd1e9b32ee2d3f1f15529a05bc
SHA512

69ae0eacd6026571f828576c5e237910db84651ba001c4764d55a35d48327b0b1695cac97e19420d7a21608340ce082d6c55aa97e534827efecd744dbf2bf2c0
SSDEEP

1536:zvQb9dKA5s3NfihCqeOQA8AkqUhMb2nuy5wgIP0CSJ+5yUB8GMGlZ5G:zvQPKA5s9GNLGdqU7uy5w9WMyUN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2076	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1936	cmd.exe
1936	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 1936	2936	6138e0cb702eb1a82631db2144946500_NeikiAnalytics.exe	29
PID 2936 wrote to memory of 1936	2936	6138e0cb702eb1a82631db2144946500_NeikiAnalytics.exe	29
PID 2936 wrote to memory of 1936	2936	6138e0cb702eb1a82631db2144946500_NeikiAnalytics.exe	29
PID 2936 wrote to memory of 1936	2936	6138e0cb702eb1a82631db2144946500_NeikiAnalytics.exe	29
PID 1936 wrote to memory of 2076	1936	cmd.exe	30
PID 1936 wrote to memory of 2076	1936	cmd.exe	30
PID 1936 wrote to memory of 2076	1936	cmd.exe	30
PID 1936 wrote to memory of 2076	1936	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\6138e0cb702eb1a82631db2144946500_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6138e0cb702eb1a82631db2144946500_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2076

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
78b3f1de70bb29be13125fc2364ea72c

SHA1
07c440896b9dc53950efa9211e895eebe4e8ca6e

SHA256
5c5eb2ed596c794aa4afa0e8d8e3c82b8b8f9bc56040618318d545983136eea8

SHA512
9c8e134160f58e70a7839b927368b33dc1bd01ec69420e8543cfd3d075cdbdeed2472063be72ab35783c6f8306a70f6fd3fff850a9873a6118926029ff8e5b6c

Download Submit
memory/2076-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2936-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download