0d1cd06e5e0fc404fc40f83bb0f84a75ac19e4529dfb9e2b4b49519ab7cfac53

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 05:34

Target

7fc8eac723c51babc30e811d12517b90_NeikiAnalytics.exe
Size

73KB
MD5

7fc8eac723c51babc30e811d12517b90
SHA1

c506d0e6ab3d47539d911821aec6082a198c8628
SHA256

0d1cd06e5e0fc404fc40f83bb0f84a75ac19e4529dfb9e2b4b49519ab7cfac53
SHA512

ef68af0f49df4cb6f07303b6a1291776cb5d03f017849479dfe6679dff23f5be6172a10b027d9c11893c66dd31c0c9a03e0f5adb475c57d67209cee49ec9d161
SSDEEP

1536:hb7nBr6k84jyqPdK5QPqfhVWbdsmA+RjPFLC+e5hT0ZGUGf2g:h3V5XLNPqfcxA+HFshTOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3036	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3016	cmd.exe
3016	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 3016	2848	7fc8eac723c51babc30e811d12517b90_NeikiAnalytics.exe	29
PID 2848 wrote to memory of 3016	2848	7fc8eac723c51babc30e811d12517b90_NeikiAnalytics.exe	29
PID 2848 wrote to memory of 3016	2848	7fc8eac723c51babc30e811d12517b90_NeikiAnalytics.exe	29
PID 2848 wrote to memory of 3016	2848	7fc8eac723c51babc30e811d12517b90_NeikiAnalytics.exe	29
PID 3016 wrote to memory of 3036	3016	cmd.exe	30
PID 3016 wrote to memory of 3036	3016	cmd.exe	30
PID 3016 wrote to memory of 3036	3016	cmd.exe	30
PID 3016 wrote to memory of 3036	3016	cmd.exe	30
PID 3036 wrote to memory of 2144	3036	[email protected]	31
PID 3036 wrote to memory of 2144	3036	[email protected]	31
PID 3036 wrote to memory of 2144	3036	[email protected]	31
PID 3036 wrote to memory of 2144	3036	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\7fc8eac723c51babc30e811d12517b90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7fc8eac723c51babc30e811d12517b90_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2144

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
cf2d80bb1bf808341d8cdaa536375258

SHA1
c0577a17d176a50ad3176f1c802347e010621cb0

SHA256
3ff81de8a187c17eeb7052a157eba37894d54b850fe58f38674b8b04619af709

SHA512
ce8408fbe3605106c838d06346007226b82100f3e7f61e0958c50171943a885f12223f00ce08d8d70ec85731718ab0b17eef9cf36ca7daa0f3da4ed30d4f717d

Download Submit
memory/2848-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3036-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download