78545cd61d5a0ad4016b1f7e239541f8d69ff7c3e34e632d63da24636a0a373a

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 04:47

Target

730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe
Size

79KB
MD5

730557fb203ad79ff24df1ade72fc7b0
SHA1

889a82386acc496d8aab35afef111022b8b42eae
SHA256

78545cd61d5a0ad4016b1f7e239541f8d69ff7c3e34e632d63da24636a0a373a
SHA512

2bf0a1fb6550c42f556e2e5980733a2e86802913b5bdd7a2575b2890be82a608c9fd0ba3b12a2e9b044ddb75c902b5a579faf010cac123de1091a66286175c62
SSDEEP

1536:zvdpDHWjMdEtZeZv9OQA8AkqUhMb2nuy5wgIP0CSJ+5yOB8GMGlZ5G:zvdpCIcmvkGdqU7uy5w9WMyON5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1032	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3012	cmd.exe
3012	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 3012	2172	730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe	29
PID 2172 wrote to memory of 3012	2172	730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe	29
PID 2172 wrote to memory of 3012	2172	730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe	29
PID 2172 wrote to memory of 3012	2172	730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe	29
PID 3012 wrote to memory of 1032	3012	cmd.exe	30
PID 3012 wrote to memory of 1032	3012	cmd.exe	30
PID 3012 wrote to memory of 1032	3012	cmd.exe	30
PID 3012 wrote to memory of 1032	3012	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1032

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
46bb278189f23a0a3451bb9ff7612a7d

SHA1
c0b6c28c74a8d500dc9ad64adcc83834e2820402

SHA256
5749a09ad16c88570300ee28c7b0867c57b59fa7c5f5164495c9895d6d174b20

SHA512
5d5056474edb0e3493bd28b0ca95266bcfca6a920823fbe58d6a8491643e317350035d9fe2da65b22b461a40b828205b5497209e9948a98681f6cb6a0442ed31

Download Submit
memory/1032-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2172-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download