bffce2e35c19e104713d1d4f76b18495ece14da9543476faea879dccf59a5d9c

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 07:49

Target

a5d23a6e67e3ba4fc128f67c35ffcfa0_NeikiAnalytics.exe
Size

79KB
MD5

a5d23a6e67e3ba4fc128f67c35ffcfa0
SHA1

415d04c0fb41610ceac9f57d867903153f2577a3
SHA256

bffce2e35c19e104713d1d4f76b18495ece14da9543476faea879dccf59a5d9c
SHA512

db999d02d7ec9440d832be256e055eeb67188814b9f84358ea5d1254488cda865e6dc9892599d369e3dc79aa229ba6ad442f6907ae673dfc7b2f842d29b4fe88
SSDEEP

1536:zvkUugKOznTotoDadOQA8AkqUhMb2nuy5wgIP0CSJ+5yvB8GMGlZ5G:zvJuVtfEGdqU7uy5w9WMyvN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1964	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2188	cmd.exe
2188	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2188	2916	a5d23a6e67e3ba4fc128f67c35ffcfa0_NeikiAnalytics.exe	29
PID 2916 wrote to memory of 2188	2916	a5d23a6e67e3ba4fc128f67c35ffcfa0_NeikiAnalytics.exe	29
PID 2916 wrote to memory of 2188	2916	a5d23a6e67e3ba4fc128f67c35ffcfa0_NeikiAnalytics.exe	29
PID 2916 wrote to memory of 2188	2916	a5d23a6e67e3ba4fc128f67c35ffcfa0_NeikiAnalytics.exe	29
PID 2188 wrote to memory of 1964	2188	cmd.exe	30
PID 2188 wrote to memory of 1964	2188	cmd.exe	30
PID 2188 wrote to memory of 1964	2188	cmd.exe	30
PID 2188 wrote to memory of 1964	2188	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\a5d23a6e67e3ba4fc128f67c35ffcfa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a5d23a6e67e3ba4fc128f67c35ffcfa0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1964

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c1089734b5875240918786e5c4fee8fd

SHA1
c660e5d5cde45365f844341ad9a37ea1c97c6044

SHA256
f8fad0754c0f649b8231c00b434064b30e8ad8c7a2babf58ce6c4755ebdd6f80

SHA512
054980b9976c88ad91c46075133b82fb2a00549da8aa2590d42152613ff72a58e61d4236eab6ea9916aaea02ce71b0181fca08eb15a74ca088c0d53cc406ccb2

Download Submit
memory/1964-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2916-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download