df9db534b3574be2cbd77f024836f4a679b63ef12e272cdd9380aa72f793afa3

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 07:24

Target

a03299f87538aa48069addfe7203eca0_NeikiAnalytics.exe
Size

79KB
MD5

a03299f87538aa48069addfe7203eca0
SHA1

bc39336641296fed8dbbcae799fb537ba39c2f5e
SHA256

df9db534b3574be2cbd77f024836f4a679b63ef12e272cdd9380aa72f793afa3
SHA512

f6b3a92a455603125ea370f38cf334ac56dad0348439136bb84e5e8b8b043dcf9012b8258ef96687984146cdfbec45a088139bf3c4ce3e1e10e65161250c98c9
SSDEEP

1536:zvoO0/7E2BzTQTFOQA8AkqUhMb2nuy5wgIP0CSJ+5yaB8GMGlZ5G:zvL0/Y2lTQTcGdqU7uy5w9WMyaN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2320	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2280	cmd.exe
2280	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2280	2712	a03299f87538aa48069addfe7203eca0_NeikiAnalytics.exe	29
PID 2712 wrote to memory of 2280	2712	a03299f87538aa48069addfe7203eca0_NeikiAnalytics.exe	29
PID 2712 wrote to memory of 2280	2712	a03299f87538aa48069addfe7203eca0_NeikiAnalytics.exe	29
PID 2712 wrote to memory of 2280	2712	a03299f87538aa48069addfe7203eca0_NeikiAnalytics.exe	29
PID 2280 wrote to memory of 2320	2280	cmd.exe	30
PID 2280 wrote to memory of 2320	2280	cmd.exe	30
PID 2280 wrote to memory of 2320	2280	cmd.exe	30
PID 2280 wrote to memory of 2320	2280	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\a03299f87538aa48069addfe7203eca0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a03299f87538aa48069addfe7203eca0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2320

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ee135ec5ab4c98177fe78bcc3f0869f5

SHA1
48ae99fded41ab3b667e66333541003c067f4815

SHA256
7659dbb4a6f3d50a9d4d1d4f4b04e75be1142d7f2156feb0b14c45e8219ebf85

SHA512
37048a83cbb922df265b779f6d06a2731ee4ef104d18c7e142332e600d25df953b00cf4ac6f0e99c981a54cf24d4d7328894c694e76a05f4e55cece26804cfb1

Download Submit
memory/2320-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2712-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download