0a3df0ed621b08082464ad5c7292dd1bca60a153d6d7cdfb3cf3a7d71c4347bf

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 11:10

Target

ce0729555e70e53aa769804872a11a20_NeikiAnalytics.exe
Size

79KB
MD5

ce0729555e70e53aa769804872a11a20
SHA1

83e2a93d8ced3c153f65bb8768e00fee4357200f
SHA256

0a3df0ed621b08082464ad5c7292dd1bca60a153d6d7cdfb3cf3a7d71c4347bf
SHA512

d6f786b545546b92ab1b02d6ab06c9b94bd9d0a88b4db38909bcfad544f23c0ce1b0af7125d77a02adbf44c4d0ea9f668b0ec31c4cb39d89f0d2df7a9280d0a7
SSDEEP

1536:zvETb/iYzCXgoHYMIOQA8AkqUhMb2nuy5wgIP0CSJ+5y/BB8GMGlZ5G:zvETLiYOXgoHLNGdqU7uy5w9WMyZN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1724	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1460	cmd.exe
1460	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 1460	2120	ce0729555e70e53aa769804872a11a20_NeikiAnalytics.exe	29
PID 2120 wrote to memory of 1460	2120	ce0729555e70e53aa769804872a11a20_NeikiAnalytics.exe	29
PID 2120 wrote to memory of 1460	2120	ce0729555e70e53aa769804872a11a20_NeikiAnalytics.exe	29
PID 2120 wrote to memory of 1460	2120	ce0729555e70e53aa769804872a11a20_NeikiAnalytics.exe	29
PID 1460 wrote to memory of 1724	1460	cmd.exe	30
PID 1460 wrote to memory of 1724	1460	cmd.exe	30
PID 1460 wrote to memory of 1724	1460	cmd.exe	30
PID 1460 wrote to memory of 1724	1460	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\ce0729555e70e53aa769804872a11a20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ce0729555e70e53aa769804872a11a20_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1460
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1724

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3c5823080b0202a45c8b37982d7491d8

SHA1
19b005452833e42bfbf924cef46c9ed8513c075e

SHA256
f63deb0c70b2b15aad304a1de6ef8c98c1e9a14c88c9c3be17f10e93abffe33b

SHA512
d79d9e7ee46cedc01c84eb9e3d91136df8f1dd0fe9ccaff24856826993d6e0beb42fbd67428174e51956a076358d049aa6275528c9a464cf8f52ed90f818b005

Download Submit
memory/1724-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2120-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download