363311ba907cbf1909c1963693509d164a4e8e4748f047b2fd409187ae5863d0

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 00:23

Target

608da39691142dcc445bfd98cf317420_NeikiAnalytics.exe
Size

79KB
MD5

608da39691142dcc445bfd98cf317420
SHA1

441069229753152d55eec09a60042d17a81ec0b2
SHA256

363311ba907cbf1909c1963693509d164a4e8e4748f047b2fd409187ae5863d0
SHA512

b24efbe620ed50fd28196ff104003693b6379e4adba84f4d7d8d108caf3c3268dc45d5a1046a856beb542f80ead8d41818e9b2b26c7983feefbe42bad65a3767
SSDEEP

1536:zvvphnrLIXPSh4MOQA8AkqUhMb2nuy5wgIP0CSJ+5y3B8GMGlZ5G:zvvfXIXG45GdqU7uy5w9WMy3N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2984	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2748	cmd.exe
2748	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2748	1976	608da39691142dcc445bfd98cf317420_NeikiAnalytics.exe	29
PID 1976 wrote to memory of 2748	1976	608da39691142dcc445bfd98cf317420_NeikiAnalytics.exe	29
PID 1976 wrote to memory of 2748	1976	608da39691142dcc445bfd98cf317420_NeikiAnalytics.exe	29
PID 1976 wrote to memory of 2748	1976	608da39691142dcc445bfd98cf317420_NeikiAnalytics.exe	29
PID 2748 wrote to memory of 2984	2748	cmd.exe	30
PID 2748 wrote to memory of 2984	2748	cmd.exe	30
PID 2748 wrote to memory of 2984	2748	cmd.exe	30
PID 2748 wrote to memory of 2984	2748	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\608da39691142dcc445bfd98cf317420_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\608da39691142dcc445bfd98cf317420_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2984

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a631238b8db4b98c683137b9089c58fd

SHA1
364d4dc4d14a90544f227c1d90eb763e1c710971

SHA256
e14f7423f1fa4f63ac20f7817585f0781fce56519543c2dbdfdfa39a50b8d3a5

SHA512
f39ac6de8503bcbb04077b123ea948fb542c50391ab7f571fe78cece984a15107ba7c5d5766d436eb45f38be7e261c852bdfe60086f9084d58ac25e467368980

Download Submit
memory/1976-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2984-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download