7e590867e5cd5754c42dfdbdd6fd965f5895d4d98f1a9ad693a92668eca10382

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 07:34

Target

a2892d134a3390f8e88bab6d6c874830_NeikiAnalytics.exe
Size

79KB
MD5

a2892d134a3390f8e88bab6d6c874830
SHA1

1d1ac943a057a5e0769d649647dde3f678e4bfcf
SHA256

7e590867e5cd5754c42dfdbdd6fd965f5895d4d98f1a9ad693a92668eca10382
SHA512

54969b5f585018d131084842f05c54257fe34672ac1c9b73b3140d447723c28d5cf8afdbf87ef5d4f5b5c7e79eab9727bdee458f0a0aceb07f67db8678c73deb
SSDEEP

1536:zvbQzr1x3VLat7qOQA8AkqUhMb2nuy5wgIP0CSJ+5ycB8GMGlZ5G:zvbQzr1sGdqU7uy5w9WMycN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2024	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1976	cmd.exe
1976	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 616 wrote to memory of 1976	616	a2892d134a3390f8e88bab6d6c874830_NeikiAnalytics.exe	29
PID 616 wrote to memory of 1976	616	a2892d134a3390f8e88bab6d6c874830_NeikiAnalytics.exe	29
PID 616 wrote to memory of 1976	616	a2892d134a3390f8e88bab6d6c874830_NeikiAnalytics.exe	29
PID 616 wrote to memory of 1976	616	a2892d134a3390f8e88bab6d6c874830_NeikiAnalytics.exe	29
PID 1976 wrote to memory of 2024	1976	cmd.exe	30
PID 1976 wrote to memory of 2024	1976	cmd.exe	30
PID 1976 wrote to memory of 2024	1976	cmd.exe	30
PID 1976 wrote to memory of 2024	1976	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\a2892d134a3390f8e88bab6d6c874830_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a2892d134a3390f8e88bab6d6c874830_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:616
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1976
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2024

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fda9acf16848abffbb09c7b806eb3c8e

SHA1
99a89a125777f331f8911e005578e09ddc2b593a

SHA256
ef40997549ba2ea1d678316c3c87dafd424e16f9484faf240596c0711fb5a607

SHA512
d25538df6c08059383ef490c36dfe3c2ae9b7960f873400c8b0be533978f8079095083c3137b1df178fd2b1fb1e8301e60a005308b631f9d63f8f2b20d2fb8fb

Download Submit
memory/616-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2024-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download