5cfa67e7f5dac17efbd39888684e9a8647446e6fed15bdacabb2ea4e81c467bb

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 09:25

Target

b58dad0efc0416a244316eeac01cd800_NeikiAnalytics.exe
Size

79KB
MD5

b58dad0efc0416a244316eeac01cd800
SHA1

b9921f81643cc264a129f0ffc3bd5d137d6d30bb
SHA256

5cfa67e7f5dac17efbd39888684e9a8647446e6fed15bdacabb2ea4e81c467bb
SHA512

2273bd4b8ef3a1ea9cfff06965e4c11af93b582f3c9390c8b4afc77c7457054d7ba85f53f3820df3cdd064ad55bc653ed9ce0232f9c6cca2830d73d7581b4a59
SSDEEP

1536:zvgM2E1o/OQA8AkqUhMb2nuy5wgIP0CSJ+5y2B8GMGlZ5G:zvgMa2GdqU7uy5w9WMy2N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2064	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1448	cmd.exe
1448	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 1448	1252	b58dad0efc0416a244316eeac01cd800_NeikiAnalytics.exe	29
PID 1252 wrote to memory of 1448	1252	b58dad0efc0416a244316eeac01cd800_NeikiAnalytics.exe	29
PID 1252 wrote to memory of 1448	1252	b58dad0efc0416a244316eeac01cd800_NeikiAnalytics.exe	29
PID 1252 wrote to memory of 1448	1252	b58dad0efc0416a244316eeac01cd800_NeikiAnalytics.exe	29
PID 1448 wrote to memory of 2064	1448	cmd.exe	30
PID 1448 wrote to memory of 2064	1448	cmd.exe	30
PID 1448 wrote to memory of 2064	1448	cmd.exe	30
PID 1448 wrote to memory of 2064	1448	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\b58dad0efc0416a244316eeac01cd800_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b58dad0efc0416a244316eeac01cd800_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1448
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2064

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
0065377d60facbc6a1a49f48fb467a3a

SHA1
c0232b4e15f7a910aa9055e47f14a287c8cbefe7

SHA256
476bc40d5a57b7ea19c0135c8ee8a534b90b10a3d68a8a6972b7eec29c817af7

SHA512
3c2690a47dec9ba8314d8a5e1e3bf7752877138e98c2a6053261f7e15f028b0e2b61a4eeca3679149ef39509d2438a1f48ca7e4cbc98f667ed4f5aa9b3013116

Download Submit
memory/1252-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2064-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download