81b59c92fe876fc1363ec344e724a4e4e360509ce68baed64e5bc946077a897d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 07:49

Target

d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe
Size

73KB
MD5

d3fd6844dd8f1105559e6e01980a27e0
SHA1

34103f02ab37bed0a8135cb1178069e905b161c3
SHA256

81b59c92fe876fc1363ec344e724a4e4e360509ce68baed64e5bc946077a897d
SHA512

d26e0bed403927fd7d7bb4508e84170c4a3b9cd5d34931e6b14f5659a29b4423f68aa5f2c408e460dc971a7f3bcab0d20a9cba2de8c62d0e6f1d7d21c267c3d2
SSDEEP

1536:hb3MNVP/sgA2JK5QPqfhVWbdsmA+RjPFLC+e5h+0ZGUGf2g:h+JkkNPqfcxA+HFsh+Og

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2272	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2260	cmd.exe
2260	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2260	2164	d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe	29
PID 2164 wrote to memory of 2260	2164	d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe	29
PID 2164 wrote to memory of 2260	2164	d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe	29
PID 2164 wrote to memory of 2260	2164	d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe	29
PID 2260 wrote to memory of 2272	2260	cmd.exe	30
PID 2260 wrote to memory of 2272	2260	cmd.exe	30
PID 2260 wrote to memory of 2272	2260	cmd.exe	30
PID 2260 wrote to memory of 2272	2260	cmd.exe	30
PID 2272 wrote to memory of 2392	2272	[email protected]	31
PID 2272 wrote to memory of 2392	2272	[email protected]	31
PID 2272 wrote to memory of 2392	2272	[email protected]	31
PID 2272 wrote to memory of 2392	2272	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2260
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2272
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2392

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
8d4d2472e3a63e07a1adfd8b7e65a32f

SHA1
abc00206672c98601e8bd8ad93cb163b60e1160b

SHA256
7b342e542582c18eef6da3ea31f79284f5d5c7c0148be0841e6b06ca21e38af7

SHA512
dc4b3bc86757fe23431793b097d6a7cd0a10fccd10f6c11e567a8446e2d804490787081945f140ee8b769f54a66d92d8737788c015ec31d799f076ecf59c0f99

Download Submit
memory/2164-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2272-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download