314f032ec40295df4ac801c4951730d3cd6e8cca4fda4a6498e08dd8ddf12cc2

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 04:02

Target

937611d550c15e670ecfb6122d884e00_NeikiAnalytics.exe
Size

79KB
MD5

937611d550c15e670ecfb6122d884e00
SHA1

276a6e99b9a128c852f2f5f7a0096d00ef80da9d
SHA256

314f032ec40295df4ac801c4951730d3cd6e8cca4fda4a6498e08dd8ddf12cc2
SHA512

8299cd7c3bf27dd7f055f8626bcb74496e6f4d081982382628646661ea56d58c1df26e9024890f2dd83748c097eae1b642de7950424a803c8ffdd49585e16c4d
SSDEEP

1536:zv9bXiv/4povvaELhOQA8AkqUhMb2nuy5wgIP0CSJ+5y1B8GMGlZ5G:zv9qvCEUGdqU7uy5w9WMy1N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1800	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2412	cmd.exe
2412	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2412	1992	937611d550c15e670ecfb6122d884e00_NeikiAnalytics.exe	29
PID 1992 wrote to memory of 2412	1992	937611d550c15e670ecfb6122d884e00_NeikiAnalytics.exe	29
PID 1992 wrote to memory of 2412	1992	937611d550c15e670ecfb6122d884e00_NeikiAnalytics.exe	29
PID 1992 wrote to memory of 2412	1992	937611d550c15e670ecfb6122d884e00_NeikiAnalytics.exe	29
PID 2412 wrote to memory of 1800	2412	cmd.exe	30
PID 2412 wrote to memory of 1800	2412	cmd.exe	30
PID 2412 wrote to memory of 1800	2412	cmd.exe	30
PID 2412 wrote to memory of 1800	2412	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\937611d550c15e670ecfb6122d884e00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\937611d550c15e670ecfb6122d884e00_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1800

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c85d0d0768ce4e41330652af9a96fc5b

SHA1
70db0938f07325a7af0d45d6470c38a49d79a4bc

SHA256
00543876b03809a56d162501a0f39bf7456e424f6f11bc440ea43a487b1fb064

SHA512
40a9c6c2b39d0eaf0ad467e1035693e461c4ca47c88d9ca2a54b3a2fcf5997dad8f8655c1058113432006b6940fe69e6ef283ea8e0c21a097dc9e1855f9c8a61

Download Submit
memory/1800-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1992-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download