1ef897f7f9dc383cf70e71d3915bf1376792bdafbd701112f4a695f21c4a6879

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 10:50

Target

c8d1d14a88b914c4ed1bf3a663784000_NeikiAnalytics.exe
Size

79KB
MD5

c8d1d14a88b914c4ed1bf3a663784000
SHA1

6b37de7da790f643055b4a97a32164f74e291d41
SHA256

1ef897f7f9dc383cf70e71d3915bf1376792bdafbd701112f4a695f21c4a6879
SHA512

3955a889eff5e69335ef227c8325d56f0914b18307e8dd3bdbcf467d58c77adffc4c223bea2891e2c30cedd442d0fe78261788182685122c2a44cb800dda01c7
SSDEEP

1536:zvvSjrPgawlHWzMLP0OOQA8AkqUhMb2nuy5wgIP0CSJ+5ycB8GMGlZ5G:zvvSj8aKHWgLP0bGdqU7uy5w9WMycN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2608	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
268	cmd.exe
268	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 268	2440	c8d1d14a88b914c4ed1bf3a663784000_NeikiAnalytics.exe	29
PID 2440 wrote to memory of 268	2440	c8d1d14a88b914c4ed1bf3a663784000_NeikiAnalytics.exe	29
PID 2440 wrote to memory of 268	2440	c8d1d14a88b914c4ed1bf3a663784000_NeikiAnalytics.exe	29
PID 2440 wrote to memory of 268	2440	c8d1d14a88b914c4ed1bf3a663784000_NeikiAnalytics.exe	29
PID 268 wrote to memory of 2608	268	cmd.exe	30
PID 268 wrote to memory of 2608	268	cmd.exe	30
PID 268 wrote to memory of 2608	268	cmd.exe	30
PID 268 wrote to memory of 2608	268	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\c8d1d14a88b914c4ed1bf3a663784000_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c8d1d14a88b914c4ed1bf3a663784000_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:268
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2608

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e9fee1f685c425abbb2eb3bec64cde68

SHA1
c6b4470bc6755cefc3aa31b4575d35ee05f21d1d

SHA256
63e770a20ac1dbc7c688066f05b0e0ea22019be64a1c5e44db34716d9bb4a4a9

SHA512
1e2971367618f3074f7e5330bc162600d9151d1eab5429ea61a48451b8deb346fd7fe55a8fa172c5a68672e984f47ed4ad92f6af17c7622719a82a1450f3597b

Download Submit
memory/2440-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2608-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download