3b96fd5f9c5f06d53d988092120059b851e967b0c95ed0df418e0835298a7a43

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 05:09

Target

794b4619915ed26dd845a184ef163500_NeikiAnalytics.exe
Size

79KB
MD5

794b4619915ed26dd845a184ef163500
SHA1

13acd2c1e6a44296a6a1831f717b0797883da516
SHA256

3b96fd5f9c5f06d53d988092120059b851e967b0c95ed0df418e0835298a7a43
SHA512

55a6eabb4994f58eb45915c21ce25b81104544dd956b3e0d1f463599c656516b8f16b069124044a30e2b7df5080a1942c922558d48459b1961a5c7186529ca07
SSDEEP

1536:zvOAQ/EOZ0jubUE1OQA8AkqUhMb2nuy5wgIP0CSJ+5yiB8GMGlZ5G:zvyCjubEGdqU7uy5w9WMyiN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1748	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1628	cmd.exe
1628	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 1628	2052	794b4619915ed26dd845a184ef163500_NeikiAnalytics.exe	29
PID 2052 wrote to memory of 1628	2052	794b4619915ed26dd845a184ef163500_NeikiAnalytics.exe	29
PID 2052 wrote to memory of 1628	2052	794b4619915ed26dd845a184ef163500_NeikiAnalytics.exe	29
PID 2052 wrote to memory of 1628	2052	794b4619915ed26dd845a184ef163500_NeikiAnalytics.exe	29
PID 1628 wrote to memory of 1748	1628	cmd.exe	30
PID 1628 wrote to memory of 1748	1628	cmd.exe	30
PID 1628 wrote to memory of 1748	1628	cmd.exe	30
PID 1628 wrote to memory of 1748	1628	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\794b4619915ed26dd845a184ef163500_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\794b4619915ed26dd845a184ef163500_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1628
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1748

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d3e7d317b62a6e9edf30966622a9abad

SHA1
45bd875e4fbe9309100a2818d5aec10ff6edb992

SHA256
017fc5c1745cce88c276e27e65c365158b8ea24aa0f2ccc4dcddd1531593e7e8

SHA512
efb0cf7483522812ae851dd0867f13784f919593e273dc8bfe7bb3e61db3d7ff24032a841d8684039ec9b8b83c5f086483514c3ec9a7f746adca00e38c42a6ed

Download Submit
memory/1748-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2052-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download