8f65eb23750b03f65bcad6d740163c4feefd58c23b0f870d0b3d23c68306c3a6

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 05:05

Target

78220d99aac1c57d81bf6e9793b8d5e0_NeikiAnalytics.exe
Size

79KB
MD5

78220d99aac1c57d81bf6e9793b8d5e0
SHA1

4a8822ac1a48804ed0342820d66369801413a73d
SHA256

8f65eb23750b03f65bcad6d740163c4feefd58c23b0f870d0b3d23c68306c3a6
SHA512

a71bae8398b8783d120860d3a339c46267f3377fccc4e919688a0da18e03243c411f4c08bac074af18d010aae7f0e6865c4c1859768fa400b4b897b4ea01a7d6
SSDEEP

1536:zvm5Om0rld8Ms1FAOgSmOQA8AkqUhMb2nuy5wgIP0CSJ+5yWB8GMGlZ5G:zvm5OTld8r1QSjGdqU7uy5w9WMyWN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2260	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2788	cmd.exe
2788	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2788	2916	78220d99aac1c57d81bf6e9793b8d5e0_NeikiAnalytics.exe	29
PID 2916 wrote to memory of 2788	2916	78220d99aac1c57d81bf6e9793b8d5e0_NeikiAnalytics.exe	29
PID 2916 wrote to memory of 2788	2916	78220d99aac1c57d81bf6e9793b8d5e0_NeikiAnalytics.exe	29
PID 2916 wrote to memory of 2788	2916	78220d99aac1c57d81bf6e9793b8d5e0_NeikiAnalytics.exe	29
PID 2788 wrote to memory of 2260	2788	cmd.exe	30
PID 2788 wrote to memory of 2260	2788	cmd.exe	30
PID 2788 wrote to memory of 2260	2788	cmd.exe	30
PID 2788 wrote to memory of 2260	2788	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\78220d99aac1c57d81bf6e9793b8d5e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\78220d99aac1c57d81bf6e9793b8d5e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2260

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6fce57a8e6a64fec1bb61c1c60c6d2a7

SHA1
a7f234738b749f1593428f0870f0531f3702cf94

SHA256
7359a7371f945d850fd15f386bb95a0b96eaf33afb8930061f354f0d25117d6b

SHA512
060d4b4f31fc441ec33cb142f42ca1df3cc136530ea46cc544b74c6c9a5a44cbbf87fdcb390b6493d007ca5ea2b00bd2ec782fb304e483c08d666b72cbe79244

Download Submit
memory/2260-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2916-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download