3f02ef19b830bb7d5d828dee8358bc8d7c645275dd69b11e2422cafe96c60c80

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 12:44

Target

e45fcfd13d9c644b802aea80b33494f0_NeikiAnalytics.exe
Size

79KB
MD5

e45fcfd13d9c644b802aea80b33494f0
SHA1

9e204e82f378eae03e7eeb5e76fe47145b80e25c
SHA256

3f02ef19b830bb7d5d828dee8358bc8d7c645275dd69b11e2422cafe96c60c80
SHA512

2551936cec1ab2743a71e21a80064bd04246a3a9fca65f8eb86f0b1c60943cc901af12834a206aa3749aa76e5686d979d6635e611b5e03b3b7e80c7c9d645684
SSDEEP

1536:zvQaoL+gLpOQA8AkqUhMb2nuy5wgIP0CSJ+5ykB8GMGlZ5G:zvNngLoGdqU7uy5w9WMykN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2760	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2656	cmd.exe
2656	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 2656	1276	e45fcfd13d9c644b802aea80b33494f0_NeikiAnalytics.exe	29
PID 1276 wrote to memory of 2656	1276	e45fcfd13d9c644b802aea80b33494f0_NeikiAnalytics.exe	29
PID 1276 wrote to memory of 2656	1276	e45fcfd13d9c644b802aea80b33494f0_NeikiAnalytics.exe	29
PID 1276 wrote to memory of 2656	1276	e45fcfd13d9c644b802aea80b33494f0_NeikiAnalytics.exe	29
PID 2656 wrote to memory of 2760	2656	cmd.exe	30
PID 2656 wrote to memory of 2760	2656	cmd.exe	30
PID 2656 wrote to memory of 2760	2656	cmd.exe	30
PID 2656 wrote to memory of 2760	2656	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\e45fcfd13d9c644b802aea80b33494f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e45fcfd13d9c644b802aea80b33494f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2760

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a32dba82831f3cb0e5a3e65769c16170

SHA1
23950e756b253f25d7d2d7fe33fdcdc76acc7f09

SHA256
c871affee15f24ade1cf3c5e9e7e0644179798e2a293a4aaca7cf07ebc72bada

SHA512
e888425d9c78b0c4e60b148a3ed6e4c2523f0fe67b1b03cc13cb7483bfdc8753143a913bd70c3da9061ea526beb21c58331916439812a45d28e61ae951cc4128

Download Submit
memory/1276-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2760-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download