de13a34b0b48f048620980909d1281a75b3eb2106aa2ef6655c8dd44d978ec48

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 11:31

Target

d2853a255eac91ad428f9d41d7826200_NeikiAnalytics.exe
Size

79KB
MD5

d2853a255eac91ad428f9d41d7826200
SHA1

18200d3db56e1c698a08760bf94e51190653b5c9
SHA256

de13a34b0b48f048620980909d1281a75b3eb2106aa2ef6655c8dd44d978ec48
SHA512

0c7faab772bd0b6a5301d99704d6a54cad5e6dec58d733f7d8da5b5d9375990a151fd7cb39cf4759d68f249e8297da3aa125ea7dbc6fe9ad0c0b0ec2f6efe812
SSDEEP

1536:zvDkSFQbBgkHBsSpOQA8AkqUhMb2nuy5wgIP0CSJ+5yCCmB8GMGlZ5G:zvDk8IBTSlGdqU7uy5w9WMyCFN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2968	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2956	cmd.exe
2956	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2956	1636	d2853a255eac91ad428f9d41d7826200_NeikiAnalytics.exe	29
PID 1636 wrote to memory of 2956	1636	d2853a255eac91ad428f9d41d7826200_NeikiAnalytics.exe	29
PID 1636 wrote to memory of 2956	1636	d2853a255eac91ad428f9d41d7826200_NeikiAnalytics.exe	29
PID 1636 wrote to memory of 2956	1636	d2853a255eac91ad428f9d41d7826200_NeikiAnalytics.exe	29
PID 2956 wrote to memory of 2968	2956	cmd.exe	30
PID 2956 wrote to memory of 2968	2956	cmd.exe	30
PID 2956 wrote to memory of 2968	2956	cmd.exe	30
PID 2956 wrote to memory of 2968	2956	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\d2853a255eac91ad428f9d41d7826200_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d2853a255eac91ad428f9d41d7826200_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2968

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fa3eaed383403b67d5698f7f02289c8c

SHA1
cb1e9020d2fc1d63bb0f722afff13a0aade662ab

SHA256
23ac92196b4127e6dabb461e3b117956ee0aa1c51b872e372872b65c67ea09a6

SHA512
2cb02e18936798e887f9f8f515b3e35e3db22b268e16ca41e1709c7f09b729aa93a22442aaf2d93d7e575919b42a26a5a047ee47126f7500dd908d9cdd7b6c7c

Download Submit
memory/1636-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2968-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download