f3e10ddb3d972150b037a8748c24f5515f593fed337444dccc6ebe63d81d474b

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 00:34

Target

68d7f19569f3e11ae804cbf165ca6840_NeikiAnalytics.exe
Size

79KB
MD5

68d7f19569f3e11ae804cbf165ca6840
SHA1

db5b2036202ce4758a829d09975b6549dc2ba048
SHA256

f3e10ddb3d972150b037a8748c24f5515f593fed337444dccc6ebe63d81d474b
SHA512

cd72996a5994a240d54b4aaa86a64cb3e02d83e85b50840339887dc7950e28c71ed1383c3f3cdd61d38750f37a7288edf8cd391ada737698e179ab6959a3a278
SSDEEP

1536:zv0IyKTCCJD59fkOQA8AkqUhMb2nuy5wgIP0CSJ+5yvbB8GMGlZ5G:zvLmkxGdqU7uy5w9WMyvbN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2032	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1796	cmd.exe
1796	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1796	2036	68d7f19569f3e11ae804cbf165ca6840_NeikiAnalytics.exe	29
PID 2036 wrote to memory of 1796	2036	68d7f19569f3e11ae804cbf165ca6840_NeikiAnalytics.exe	29
PID 2036 wrote to memory of 1796	2036	68d7f19569f3e11ae804cbf165ca6840_NeikiAnalytics.exe	29
PID 2036 wrote to memory of 1796	2036	68d7f19569f3e11ae804cbf165ca6840_NeikiAnalytics.exe	29
PID 1796 wrote to memory of 2032	1796	cmd.exe	30
PID 1796 wrote to memory of 2032	1796	cmd.exe	30
PID 1796 wrote to memory of 2032	1796	cmd.exe	30
PID 1796 wrote to memory of 2032	1796	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\68d7f19569f3e11ae804cbf165ca6840_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\68d7f19569f3e11ae804cbf165ca6840_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1796
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2032

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
258d412fbaf26cca49d1efcbfea58ca1

SHA1
fb88861dd0374259bac0469059dcf4ea6c8715fc

SHA256
30d0b7fd9855fde0f0c76ee771f242ca7f00b465018c00cc689d301ebf04279d

SHA512
43dc337c92b768c774388879bbcb5c4c8d1b873564bad8e9548c0bdd9985e12962b4673896f60ebe6303a668f1bfc1c13ff01270643aeccda651eb32c0e5cc6b

Download Submit
memory/2032-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2036-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download