9f2202aa901ddef61eb96d618f93bba1095f12f8a6a9ea53a72d957538f21fda

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 05:32

Target

7f28716dff9220684bdf6b76dff6fee0_NeikiAnalytics.exe
Size

79KB
MD5

7f28716dff9220684bdf6b76dff6fee0
SHA1

7ec454ea2a26c87198c7301bf9bfdd8efd4890c4
SHA256

9f2202aa901ddef61eb96d618f93bba1095f12f8a6a9ea53a72d957538f21fda
SHA512

5317a227896b5baf551532cc59f738a999ec0a0a7c5e436affa587c4a211fab6dfa3585253cefa8fe1a87a7fda4aa009ba38ba612abaef5b2c2b63c124a8aaf0
SSDEEP

1536:zv6fdjP2uMHZAOQA8AkqUhMb2nuy5wgIP0CSJ+5yhB8GMGlZ5G:zv652PjGdqU7uy5w9WMyhN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2824	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2736	cmd.exe
2736	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2736	1936	7f28716dff9220684bdf6b76dff6fee0_NeikiAnalytics.exe	29
PID 1936 wrote to memory of 2736	1936	7f28716dff9220684bdf6b76dff6fee0_NeikiAnalytics.exe	29
PID 1936 wrote to memory of 2736	1936	7f28716dff9220684bdf6b76dff6fee0_NeikiAnalytics.exe	29
PID 1936 wrote to memory of 2736	1936	7f28716dff9220684bdf6b76dff6fee0_NeikiAnalytics.exe	29
PID 2736 wrote to memory of 2824	2736	cmd.exe	30
PID 2736 wrote to memory of 2824	2736	cmd.exe	30
PID 2736 wrote to memory of 2824	2736	cmd.exe	30
PID 2736 wrote to memory of 2824	2736	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\7f28716dff9220684bdf6b76dff6fee0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7f28716dff9220684bdf6b76dff6fee0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2824

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
09a9240bef77db391a006974ced69337

SHA1
40e2759ba4384f1c231aeffbf4cf59482be7e4cc

SHA256
1ff238613e48a87a0fd89ee11d625cb618dcba8171cd76aa406b3dfc3bd9ab94

SHA512
9232e746d37119641e82607ad2b633065677d1c119c304195173aec647bfde0bff8f3af7a9544aefa300c8e24824ddf578f670b7e622f1caaa10ea52d7691969

Download Submit
memory/1936-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2824-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download