40512bd831aed070dad7827d67dcdc01ab9e35f8d96c8abd14a1ffbcd0ab3ecf

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 09:08

Target

b17a34c2d481dd9d57dbd4b362a55190_NeikiAnalytics.exe
Size

79KB
MD5

b17a34c2d481dd9d57dbd4b362a55190
SHA1

a8e0506247b8cd298a688226b01ab77b0bc85596
SHA256

40512bd831aed070dad7827d67dcdc01ab9e35f8d96c8abd14a1ffbcd0ab3ecf
SHA512

32369b1ed69e0776a8a19d4c823b41bea797bdc58b9c2e80b9a7cff2db4329484ce6b9d9d64772ac46ce312911b068661223c9a4cfddf4bd7918b83c6a6d4d1c
SSDEEP

1536:zvSKKHfuaJOwqOQA8AkqUhMb2nuy5wgIP0CSJ+5ymB8GMGlZ5G:zviHfuXwfGdqU7uy5w9WMymN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1048	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1584	cmd.exe
1584	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 1584	2364	b17a34c2d481dd9d57dbd4b362a55190_NeikiAnalytics.exe	29
PID 2364 wrote to memory of 1584	2364	b17a34c2d481dd9d57dbd4b362a55190_NeikiAnalytics.exe	29
PID 2364 wrote to memory of 1584	2364	b17a34c2d481dd9d57dbd4b362a55190_NeikiAnalytics.exe	29
PID 2364 wrote to memory of 1584	2364	b17a34c2d481dd9d57dbd4b362a55190_NeikiAnalytics.exe	29
PID 1584 wrote to memory of 1048	1584	cmd.exe	30
PID 1584 wrote to memory of 1048	1584	cmd.exe	30
PID 1584 wrote to memory of 1048	1584	cmd.exe	30
PID 1584 wrote to memory of 1048	1584	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\b17a34c2d481dd9d57dbd4b362a55190_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b17a34c2d481dd9d57dbd4b362a55190_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1584
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1048

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
74b2ce3db4ced6d0cc4259304dc60e6e

SHA1
afa7373640ed5702efbfd3fc63ca787bd2324519

SHA256
ee94bb41aa6b254b4170dcf468395b695c9da44c4191eaff2434a5cb15c11bab

SHA512
cad72e26220b6a6caeb9cec8f483e4b1b4d7c5acc502a5280aaf74d80189a9cfdc2cfce42c69f24aabae5abd76997eccdcf1c3988740577891f2d3c72a913f43

Download Submit
memory/1048-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2364-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download