c2e3b7ee324e1d12cacd6333cf4be57f6e0168be1992bfdb03453de48af6a626

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 05:16

Target

7b302c67c98ea001d667b1f250f9acf0_NeikiAnalytics.exe
Size

79KB
MD5

7b302c67c98ea001d667b1f250f9acf0
SHA1

490dc5d2c6ddc807a8673d160c40aa60ee023533
SHA256

c2e3b7ee324e1d12cacd6333cf4be57f6e0168be1992bfdb03453de48af6a626
SHA512

6a9545e15788ba3c21037b3b9f6c49531e3fd57f8881ff52ccc3ef30676f980789c01a45b9f3e42e04c31063c62b63bf126760e23964f53e2a3ad3218233323b
SSDEEP

1536:zvWVp8E5yc1l8OUhOQA8AkqUhMb2nuy5wgIP0CSJ+5yhB8GMGlZ5G:zvAiLOhGdqU7uy5w9WMyhN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2992	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2704	cmd.exe
2704	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2704	2300	7b302c67c98ea001d667b1f250f9acf0_NeikiAnalytics.exe	29
PID 2300 wrote to memory of 2704	2300	7b302c67c98ea001d667b1f250f9acf0_NeikiAnalytics.exe	29
PID 2300 wrote to memory of 2704	2300	7b302c67c98ea001d667b1f250f9acf0_NeikiAnalytics.exe	29
PID 2300 wrote to memory of 2704	2300	7b302c67c98ea001d667b1f250f9acf0_NeikiAnalytics.exe	29
PID 2704 wrote to memory of 2992	2704	cmd.exe	30
PID 2704 wrote to memory of 2992	2704	cmd.exe	30
PID 2704 wrote to memory of 2992	2704	cmd.exe	30
PID 2704 wrote to memory of 2992	2704	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\7b302c67c98ea001d667b1f250f9acf0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7b302c67c98ea001d667b1f250f9acf0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2992

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fcedcd38e637e5d2ae33637ff8045f60

SHA1
2a492902f90b91170a84b8439b1aa60300b540fb

SHA256
96c0d7cc2fd38aa57b316b76300a9e32569d74c38fb183143cac0bdfb6c183ee

SHA512
b7b59dbed115dd62bec1040e3905e6b5db8164b1204946ce449f5aafeca0388f5ddbe2f8fba770bc318d1af4ce7fba0c9f60c0b20610b4b4f6bb12ecf66e1fe8

Download Submit
memory/2300-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2992-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download