0d0c954f5577b2f37bc1baa576f169472f2fb94e811ac13d6dda0e4d999e3197

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 06:54

Target

975461fd2f5e4bc2c5022471cdb2e100_NeikiAnalytics.exe
Size

79KB
MD5

975461fd2f5e4bc2c5022471cdb2e100
SHA1

9b2b39578c3d92ac5da254f7adb9adfa10bb3132
SHA256

0d0c954f5577b2f37bc1baa576f169472f2fb94e811ac13d6dda0e4d999e3197
SHA512

b724ad5c7556440b605d18c0c67d40f26958e4ce5fc43e40709a90fb740fc747b5667e57a8d66cfe716075f81a0c284265611c6555a7a2d0ad057b2267a57b91
SSDEEP

1536:zvMewwwA2UXezoXCOQA8AkqUhMb2nuy5wgIP0CSJ+5yHB8GMGlZ5G:zvMewwwbeN3GdqU7uy5w9WMyHN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1680	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1028	cmd.exe
1028	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 1028	2328	975461fd2f5e4bc2c5022471cdb2e100_NeikiAnalytics.exe	29
PID 2328 wrote to memory of 1028	2328	975461fd2f5e4bc2c5022471cdb2e100_NeikiAnalytics.exe	29
PID 2328 wrote to memory of 1028	2328	975461fd2f5e4bc2c5022471cdb2e100_NeikiAnalytics.exe	29
PID 2328 wrote to memory of 1028	2328	975461fd2f5e4bc2c5022471cdb2e100_NeikiAnalytics.exe	29
PID 1028 wrote to memory of 1680	1028	cmd.exe	30
PID 1028 wrote to memory of 1680	1028	cmd.exe	30
PID 1028 wrote to memory of 1680	1028	cmd.exe	30
PID 1028 wrote to memory of 1680	1028	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\975461fd2f5e4bc2c5022471cdb2e100_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\975461fd2f5e4bc2c5022471cdb2e100_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1028
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1680

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6c286d083175e21cd42749491ec9599c

SHA1
0b1580738f286c764b619554010396a17257bb1b

SHA256
ca4a00827116965d8ff19948091ff4ce9a115260d45a529ace5afb830baa19d2

SHA512
a80923406b5aed9ae29caa56286012972d9a9798b40d5d4a9a79f88231ee378be49678c889a457faa6f7885d81442713caa50afdad4acb3f5c005ca7c9ca4a42

Download Submit
memory/1680-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2328-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download