525552c2cb9834e0fa005d19e4c4e3fad1eafccc512891e158b38831ab7664a9

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 11:52

Target

d78b234323770dbbde4784e86d7ecee0_NeikiAnalytics.exe
Size

79KB
MD5

d78b234323770dbbde4784e86d7ecee0
SHA1

c64c34525d1020a4b806dc27f78492af37314003
SHA256

525552c2cb9834e0fa005d19e4c4e3fad1eafccc512891e158b38831ab7664a9
SHA512

8fb04bf6d64730804d4c3521a8d0b92fed9474c32bfa94f388925a40f8636a40fba5bfd164978de2bbbfefff7339d22a72d83e450340c2ae2245f240c20c7a02
SSDEEP

1536:zvKF4uRm+53CRfNducyOQA8AkqUhMb2nuy5wgIP0CSJ+5ymB8GMGlZ5G:zvNuAjGdqU7uy5w9WMymN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2652	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1768	cmd.exe
1768	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1768	2204	d78b234323770dbbde4784e86d7ecee0_NeikiAnalytics.exe	29
PID 2204 wrote to memory of 1768	2204	d78b234323770dbbde4784e86d7ecee0_NeikiAnalytics.exe	29
PID 2204 wrote to memory of 1768	2204	d78b234323770dbbde4784e86d7ecee0_NeikiAnalytics.exe	29
PID 2204 wrote to memory of 1768	2204	d78b234323770dbbde4784e86d7ecee0_NeikiAnalytics.exe	29
PID 1768 wrote to memory of 2652	1768	cmd.exe	30
PID 1768 wrote to memory of 2652	1768	cmd.exe	30
PID 1768 wrote to memory of 2652	1768	cmd.exe	30
PID 1768 wrote to memory of 2652	1768	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\d78b234323770dbbde4784e86d7ecee0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d78b234323770dbbde4784e86d7ecee0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1768
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2652

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ae464088b9029f432357935d47c49bfb

SHA1
df8e6d995ddc33c50bed83b8c7b5443d3f7afe5c

SHA256
a77ec48fd3b553212011da5a8e87be2f69a18865412ca2d9716c1cb352166c05

SHA512
2e15bbcdf03c8749098eac6a7344d960a75d30ba3bcd3d621741fcace3baca76eb18d76b933bcb59978c886487a238d017f2b86a4f4875593fa18c0ba4b39095

Download Submit
memory/2204-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2652-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download