a705e8302fd9044892066e4d47f1ed37ff5896e4c5826c98b299d81117ff80f3

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 12:42

Target

e3c67d3b65bc65ba95b836f78409ffd0_NeikiAnalytics.exe
Size

79KB
MD5

e3c67d3b65bc65ba95b836f78409ffd0
SHA1

1d7cbfa1538a1018fe82904d41000bbabc6ba40a
SHA256

a705e8302fd9044892066e4d47f1ed37ff5896e4c5826c98b299d81117ff80f3
SHA512

d10bf8eb2dd639a3cf169a7656e84ed69ffaf844962ce2bb251b06f9bbd78fa39247b2211ca15070cf5fb65cddfd83ddc23f6faba47ce80007d87aacb9137ce6
SSDEEP

1536:zv5F8+niQuWw7OQA8AkqUhMb2nuy5wgIP0CSJ+5ydB8GMGlZ5G:zvMEuWwqGdqU7uy5w9WMydN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2948	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2552	cmd.exe
2552	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2552	1688	e3c67d3b65bc65ba95b836f78409ffd0_NeikiAnalytics.exe	29
PID 1688 wrote to memory of 2552	1688	e3c67d3b65bc65ba95b836f78409ffd0_NeikiAnalytics.exe	29
PID 1688 wrote to memory of 2552	1688	e3c67d3b65bc65ba95b836f78409ffd0_NeikiAnalytics.exe	29
PID 1688 wrote to memory of 2552	1688	e3c67d3b65bc65ba95b836f78409ffd0_NeikiAnalytics.exe	29
PID 2552 wrote to memory of 2948	2552	cmd.exe	30
PID 2552 wrote to memory of 2948	2552	cmd.exe	30
PID 2552 wrote to memory of 2948	2552	cmd.exe	30
PID 2552 wrote to memory of 2948	2552	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\e3c67d3b65bc65ba95b836f78409ffd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e3c67d3b65bc65ba95b836f78409ffd0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2948

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
36bf72ecec92ce1354ac30d2564b23d7

SHA1
b5e0bc423538b1d175c64ea72ba81fa9576cd47c

SHA256
5949d598364223b9376ffdd72a99dc1423830d91b709967bc6f8293b97949289

SHA512
967ba53084ac06380e7055b064e04b78327cb4bdfb5709d252727510469d7527683415a35745a1fac1164b4c3f8b3cc3fb379001f38a69063eba0e791aa374cd

Download Submit
memory/1688-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2948-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download