1f4121dc9064576392b319ce3e20d119b68329be3deee269a63a8cf7a9100706

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 05:42

Target

8d4e8bd3be7c99ac9fd366aeb5951e50_NeikiAnalytics.exe
Size

79KB
MD5

8d4e8bd3be7c99ac9fd366aeb5951e50
SHA1

8687c9168921a4c0f31acdc6a748bec6db3a11c0
SHA256

1f4121dc9064576392b319ce3e20d119b68329be3deee269a63a8cf7a9100706
SHA512

f7c64035b640dbc951d19a48ecf2061c7eda853ace76e7d95f94222163c6510d9d23d6190bef9d86ad0c52e48639f9ccc2ea9dfd4289cdf36386419e76537b2d
SSDEEP

1536:zvXvQ623RLlw9AQrOQA8AkqUhMb2nuy5wgIP0CSJ+5yHB8GMGlZ5G:zv/q3RL69uGdqU7uy5w9WMyHN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1676	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1748	cmd.exe
1748	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 1748	2100	8d4e8bd3be7c99ac9fd366aeb5951e50_NeikiAnalytics.exe	29
PID 2100 wrote to memory of 1748	2100	8d4e8bd3be7c99ac9fd366aeb5951e50_NeikiAnalytics.exe	29
PID 2100 wrote to memory of 1748	2100	8d4e8bd3be7c99ac9fd366aeb5951e50_NeikiAnalytics.exe	29
PID 2100 wrote to memory of 1748	2100	8d4e8bd3be7c99ac9fd366aeb5951e50_NeikiAnalytics.exe	29
PID 1748 wrote to memory of 1676	1748	cmd.exe	30
PID 1748 wrote to memory of 1676	1748	cmd.exe	30
PID 1748 wrote to memory of 1676	1748	cmd.exe	30
PID 1748 wrote to memory of 1676	1748	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\8d4e8bd3be7c99ac9fd366aeb5951e50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8d4e8bd3be7c99ac9fd366aeb5951e50_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1748
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1676

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
48e905353533ce528025819117098bab

SHA1
c00e2edf346254dc28b6d4f7cf6bddf05be5ffc5

SHA256
a95525d906669b5d2b74346d9ee952fd6304924045efe43707219a41274fad7e

SHA512
581e293afe464b8dbe237accd062531ba25cb783920f8275f32169cd37e4fad5a02614b955a53925eacdb38324d629fee42af42f6b2e4ec1ecb6f1138253859c

Download Submit
memory/1676-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2100-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download