fb6cbdd84680342acb8f843b1c78f8ddcf9b291654ebea3e896cc22293edaec7

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 12:55

Target

e6ea35c989160d6feebe3a9ca3f83840_NeikiAnalytics.exe
Size

79KB
MD5

e6ea35c989160d6feebe3a9ca3f83840
SHA1

dce5430bf74867a6c26c5546fe2e76ebf972b4cb
SHA256

fb6cbdd84680342acb8f843b1c78f8ddcf9b291654ebea3e896cc22293edaec7
SHA512

2dc42889d4691d34e243f66b4d9607202414c8b34634da3b37c4f8989bf41f5b69c4665080f3c9f79992a894424c37d00f5b2f5ece552da67d083e7a2517acf3
SSDEEP

1536:zvnkjhiUanSOQA8AkqUhMb2nuy5wgIP0CSJ+5ykB8GMGlZ5G:zvnZbXGdqU7uy5w9WMykN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2988	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2976	cmd.exe
2976	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2976	1924	e6ea35c989160d6feebe3a9ca3f83840_NeikiAnalytics.exe	29
PID 1924 wrote to memory of 2976	1924	e6ea35c989160d6feebe3a9ca3f83840_NeikiAnalytics.exe	29
PID 1924 wrote to memory of 2976	1924	e6ea35c989160d6feebe3a9ca3f83840_NeikiAnalytics.exe	29
PID 1924 wrote to memory of 2976	1924	e6ea35c989160d6feebe3a9ca3f83840_NeikiAnalytics.exe	29
PID 2976 wrote to memory of 2988	2976	cmd.exe	30
PID 2976 wrote to memory of 2988	2976	cmd.exe	30
PID 2976 wrote to memory of 2988	2976	cmd.exe	30
PID 2976 wrote to memory of 2988	2976	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\e6ea35c989160d6feebe3a9ca3f83840_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e6ea35c989160d6feebe3a9ca3f83840_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2988

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7b95ee6eecfac36627e23aa978916d2e

SHA1
4d3620e0d21282ac1a0cbdfad4d41a584632c6df

SHA256
6d8757da697a7f8e6d7e51e876a0632d10529c2be99e346e583b24846b08f189

SHA512
935007b0f6ace09af8bd28871d028736106adf0aff73d45f5b08580e6ed2d8f57240c8ac704ddcbf71813a51ccc10a68103c2057885f7e3a715a2ce909c747cd

Download Submit
memory/1924-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2988-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download