53b0f651a04c0ffee70db27fffaf29054f1862eea9653014fc6dbd59a2846717

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 18:22

Target

3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe
Size

29KB
MD5

3da5ac13243795baa38bc7bfd3ca90b0
SHA1

9b7ebe48e8460191a0661410b0ce145ab98823af
SHA256

53b0f651a04c0ffee70db27fffaf29054f1862eea9653014fc6dbd59a2846717
SHA512

f4fa35d55e81c3addc98671ef4eb5e758ea2b31dc321783b481a5361027c00855ad13554080e26d8bbc2a429e8fd534c6c12c97a4dc70b31c4a71fcd755f0b96
SSDEEP

384:v/4LNJY74JwOllSBQmrb0i5PrmqHIKpa54b5f0iws0wGtn:v/qSamrxDmqoKM4Z0iwtws

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2420	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
3060	2024051218.exe

Loads dropped DLL 2 IoCs

pid	Process
1936	3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe
1936	3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1936	3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe
3060	2024051218.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 3060	1936	3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe	28
PID 1936 wrote to memory of 3060	1936	3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe	28
PID 1936 wrote to memory of 3060	1936	3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe	28
PID 1936 wrote to memory of 3060	1936	3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe	28
PID 1936 wrote to memory of 2420	1936	3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe	29
PID 1936 wrote to memory of 2420	1936	3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe	29
PID 1936 wrote to memory of 2420	1936	3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe	29
PID 1936 wrote to memory of 2420	1936	3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe	29

C:\Users\Admin\AppData\Local\Temp\3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3da5ac13243795baa38bc7bfd3ca90b0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Users\Admin\AppData\Local\Temp\2024051218.exe
  C:\Users\Admin\AppData\Local\Temp\2024051218.exe down
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3060
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\del.bat
  2⤵
  - Deletes itself
  PID:2420

C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
216B

MD5
2d564f50e8fdeec75f5aee2e3cfd932f

SHA1
8bda5203d8d533a11e13112a1178f136f36fd542

SHA256
7158d6bd2e48fe3e8d1144feb6ff1310ad7ae339ebc92c1c062b12d9187bc216

SHA512
a3652b5bb25bf10727aa558f230d23a031087d36b2b5e1944d3052d0f88e13c61af69b980df1b6b16bf4b46824abb9175c8935816e43f044900f26f02cc81455

Download Submit
\Users\Admin\AppData\Local\Temp\2024051218.exe

Filesize
29KB

MD5
b9d9d727a1e99fc2f864a87f76dda5dd

SHA1
b2ac68ed7e012e35f4b0e884c39431b09e572844

SHA256
d247bf45d43e4df4224118d4ad6a5e5f1f84c30f7f27550ec4a34ae50873cd2d

SHA512
7b8c68559971b460e2e00e5264387c22c549aa38fa1201127355b50d01d72f3660d95773ea8db511a81c571eb630f75961f83e9b7129c14280d00f93784a478d

Download Submit
memory/3060-24-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download