b91fc2cbeacc007ccd94ddda664322f8ebd44132a9cd25b71aa5857fb424d497

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 07:03

Target

9a08d7aab09cfa9611d9600fb9b6b050_NeikiAnalytics.exe
Size

79KB
MD5

9a08d7aab09cfa9611d9600fb9b6b050
SHA1

ecc2ec341eb4de86c71d832944055b0c2b588b28
SHA256

b91fc2cbeacc007ccd94ddda664322f8ebd44132a9cd25b71aa5857fb424d497
SHA512

28696714f3fa40835a8a8ad36d637a1f68758c21960972a3c5cb38f3525f5f68dbf4e52a44272980dfc3fbdcb4e0be083e5e072760fd5a0d77af7613bf382d7d
SSDEEP

1536:zvkUugKOznTotoDadOQA8AkqUhMb2nuy5wgIP0CSJ+5ygB8GMGlZ5G:zvJuVtfEGdqU7uy5w9WMygN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1776	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2216	cmd.exe
2216	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2216	2192	9a08d7aab09cfa9611d9600fb9b6b050_NeikiAnalytics.exe	29
PID 2192 wrote to memory of 2216	2192	9a08d7aab09cfa9611d9600fb9b6b050_NeikiAnalytics.exe	29
PID 2192 wrote to memory of 2216	2192	9a08d7aab09cfa9611d9600fb9b6b050_NeikiAnalytics.exe	29
PID 2192 wrote to memory of 2216	2192	9a08d7aab09cfa9611d9600fb9b6b050_NeikiAnalytics.exe	29
PID 2216 wrote to memory of 1776	2216	cmd.exe	30
PID 2216 wrote to memory of 1776	2216	cmd.exe	30
PID 2216 wrote to memory of 1776	2216	cmd.exe	30
PID 2216 wrote to memory of 1776	2216	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\9a08d7aab09cfa9611d9600fb9b6b050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9a08d7aab09cfa9611d9600fb9b6b050_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1776

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
1303059315c449c82d1fd99ea873bcd2

SHA1
8df225404ebbc81b1978a45cbf5f38fae267001d

SHA256
0179cf4893e3f7e404fef57d286080aeaecec785d7386b961f3f6c8e06e7b72e

SHA512
4379466aa3b43c1a1113ed6666159ddf1e6aeea99270083ad8a05cbb9fe054fb82dc11f79d217f907a27cde1e3ebaf3f5cc500b13b220e7860e2db1916296d1c

Download Submit
memory/1776-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2192-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download