03897df0bd1a28cc478bb204c3abc4622492622add85d40ddc9cab0bd3faedc9

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 04:26

Target

6cfa34f8c42c3cab13db74fae331f970_NeikiAnalytics.exe
Size

79KB
MD5

6cfa34f8c42c3cab13db74fae331f970
SHA1

3bfdba3ab9c13efd41ec7431a14604c6ca0584b2
SHA256

03897df0bd1a28cc478bb204c3abc4622492622add85d40ddc9cab0bd3faedc9
SHA512

c9e384e1aa9526388c08e8a3a86d6842c6e6746626cdb8e895810e1f9f8869ed6578e6d2e6af8e62d1502a460d8eb349a2d2886cd286175cd967c32fb90353e4
SSDEEP

1536:zvf6IcE+NURbOQA8AkqUhMb2nuy5wgIP0CSJ+5ywB8GMGlZ5G:zvEE+NmKGdqU7uy5w9WMywN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2700	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3036	cmd.exe
3036	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 3036	2892	6cfa34f8c42c3cab13db74fae331f970_NeikiAnalytics.exe	29
PID 2892 wrote to memory of 3036	2892	6cfa34f8c42c3cab13db74fae331f970_NeikiAnalytics.exe	29
PID 2892 wrote to memory of 3036	2892	6cfa34f8c42c3cab13db74fae331f970_NeikiAnalytics.exe	29
PID 2892 wrote to memory of 3036	2892	6cfa34f8c42c3cab13db74fae331f970_NeikiAnalytics.exe	29
PID 3036 wrote to memory of 2700	3036	cmd.exe	30
PID 3036 wrote to memory of 2700	3036	cmd.exe	30
PID 3036 wrote to memory of 2700	3036	cmd.exe	30
PID 3036 wrote to memory of 2700	3036	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\6cfa34f8c42c3cab13db74fae331f970_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6cfa34f8c42c3cab13db74fae331f970_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2700

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3fcca6c0b7c6cae01802ff6f7180b230

SHA1
20050c80251ed36c662caed131a308ceaf9944f7

SHA256
77159911fe5c6ed3583ea1c1e4b704f575ae4504590d3144910ca05a0fe09abb

SHA512
b72e1de42d1afa2e7a6d95ba59342b8e48fbc2d013664b215d145bc5f14ea30f92bc32ee246504664309f1cd17ddd973c0e0050e4a35e6090e76cf4388feafa9

Download Submit
memory/2700-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2892-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download