a2fbcaa1bf057b7bfd248606171fd4beafb2d8823079132d6d53fa6dd1ccfb7f

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 21:50

Target

2ff63ff5c3866a4f9cd6a7596ac86ae0_NeikiAnalytics.exe
Size

79KB
MD5

2ff63ff5c3866a4f9cd6a7596ac86ae0
SHA1

3e827009f00c1c9fe5022f7cf0f23dd3b30f2439
SHA256

a2fbcaa1bf057b7bfd248606171fd4beafb2d8823079132d6d53fa6dd1ccfb7f
SHA512

2d4f9d7a921a34b30dcafc715a0de24a8abdea641e533fa9a2d7d1dc22a9f78e41f2fa127669c1bf2c287545026347ac953930defe1fa2acd65e818d23650644
SSDEEP

1536:zvMewwwA2UXezoXCOQA8AkqUhMb2nuy5wgIP0CSJ+5yiB8GMGlZ5G:zvMewwwbeN3GdqU7uy5w9WMyiN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3020	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2504	cmd.exe
2504	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2504	2076	2ff63ff5c3866a4f9cd6a7596ac86ae0_NeikiAnalytics.exe	29
PID 2076 wrote to memory of 2504	2076	2ff63ff5c3866a4f9cd6a7596ac86ae0_NeikiAnalytics.exe	29
PID 2076 wrote to memory of 2504	2076	2ff63ff5c3866a4f9cd6a7596ac86ae0_NeikiAnalytics.exe	29
PID 2076 wrote to memory of 2504	2076	2ff63ff5c3866a4f9cd6a7596ac86ae0_NeikiAnalytics.exe	29
PID 2504 wrote to memory of 3020	2504	cmd.exe	30
PID 2504 wrote to memory of 3020	2504	cmd.exe	30
PID 2504 wrote to memory of 3020	2504	cmd.exe	30
PID 2504 wrote to memory of 3020	2504	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\2ff63ff5c3866a4f9cd6a7596ac86ae0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2ff63ff5c3866a4f9cd6a7596ac86ae0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3020

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
081ac35033bd968b8747afbec209dfff

SHA1
0273423a801c102dbab94a75d3aa02e4e75b8fc5

SHA256
90313f1a8f54363fab1c008f4e939f07bc10889dda2cdd0e2753b9c815c6f01f

SHA512
0db1fd5f8e7d63ac59bd9dd56b31cc1dc2d937883b0a16f996bdfa0e54b9b4c813d173809ae4054ec9dedd1dfcc7f565b52ca6135d93d02fd3030a3bf4c0b226

Download Submit
memory/2076-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3020-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download