278b92ed2586b784f82ce0d149889338f9ce111f85bbb37c88645d005aea4278

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 05:57

Target

8675a34b649c765d143aef3b635bede0_NeikiAnalytics.exe
Size

79KB
MD5

8675a34b649c765d143aef3b635bede0
SHA1

cd8b99899ef02a14b1ce9dd8c3becb9caf7bca43
SHA256

278b92ed2586b784f82ce0d149889338f9ce111f85bbb37c88645d005aea4278
SHA512

3de1a0e1a8ae06610e19eed3735ead7e2fdbb8f12ece5bd7dc4300313e20514a9aee802f9bd4b6a9238caa5fd1e42cf7b89cf3923d3f2a35d6782fc75a5b6677
SSDEEP

1536:zvqrRgojWFT+eDOQA8AkqUhMb2nuy5wgIP0CSJ+5yCB8GMGlZ5G:zvCRkFT3iGdqU7uy5w9WMyCN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2892	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2912	cmd.exe
2912	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2912	2276	8675a34b649c765d143aef3b635bede0_NeikiAnalytics.exe	29
PID 2276 wrote to memory of 2912	2276	8675a34b649c765d143aef3b635bede0_NeikiAnalytics.exe	29
PID 2276 wrote to memory of 2912	2276	8675a34b649c765d143aef3b635bede0_NeikiAnalytics.exe	29
PID 2276 wrote to memory of 2912	2276	8675a34b649c765d143aef3b635bede0_NeikiAnalytics.exe	29
PID 2912 wrote to memory of 2892	2912	cmd.exe	30
PID 2912 wrote to memory of 2892	2912	cmd.exe	30
PID 2912 wrote to memory of 2892	2912	cmd.exe	30
PID 2912 wrote to memory of 2892	2912	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\8675a34b649c765d143aef3b635bede0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8675a34b649c765d143aef3b635bede0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2892

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6ae6faa530771642d891e4f1916e05bd

SHA1
e7379ea23fae15103a9fbeee69e687acae1c780a

SHA256
70fca4d2c90693edf59afcc837d98a29bf6da12732a2d2e29b29cca64f4120d9

SHA512
38dfc39bc503bd435129d4e4faf0407f4096648f0bab1b64aacb2529b7ddc88147e1aa6a296127f0c34c6aef08cef2cd178d8be53f16ee1126afb87caa3758a3

Download Submit
memory/2276-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2892-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download