cd2547a2fb545db7bbe87e9f4a83b0f6c7b1323b7bf4bc5e4492d7b29e163f52

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/05/2024, 20:18

Target

2f54ab9e9de1db21870f9864206fda40_NeikiAnalytics.exe
Size

79KB
MD5

2f54ab9e9de1db21870f9864206fda40
SHA1

172986bd755f2658c564ad7ee8a517947d3b017c
SHA256

cd2547a2fb545db7bbe87e9f4a83b0f6c7b1323b7bf4bc5e4492d7b29e163f52
SHA512

b3a7855495c6bf87370e559a3dcc0dc03b847ccf7dc95a848c8a8e889f0a066caae3ec1813cb05d5293f87990c966c21ec46e614aa3bc78926e70699d4823830
SSDEEP

1536:zvK8wXOsol+f9OQA8AkqUhMb2nuy5wgIP0CSJ+5yNB8GMGlZ5G:zvKfNoQMGdqU7uy5w9WMyNN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
324	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
592	cmd.exe
592	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 592	2180	2f54ab9e9de1db21870f9864206fda40_NeikiAnalytics.exe	29
PID 2180 wrote to memory of 592	2180	2f54ab9e9de1db21870f9864206fda40_NeikiAnalytics.exe	29
PID 2180 wrote to memory of 592	2180	2f54ab9e9de1db21870f9864206fda40_NeikiAnalytics.exe	29
PID 2180 wrote to memory of 592	2180	2f54ab9e9de1db21870f9864206fda40_NeikiAnalytics.exe	29
PID 592 wrote to memory of 324	592	cmd.exe	30
PID 592 wrote to memory of 324	592	cmd.exe	30
PID 592 wrote to memory of 324	592	cmd.exe	30
PID 592 wrote to memory of 324	592	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\2f54ab9e9de1db21870f9864206fda40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2f54ab9e9de1db21870f9864206fda40_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:592
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:324

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
bf42ef573c43a5657b7c43d08e343cd0

SHA1
40f1458a30e2356a4e27a3ad5ebd7c83ba10e5f2

SHA256
e2f3ff5844af0474228a6d8f94147952ad96f25e88065068ce8a71ddd196f3c5

SHA512
76d0726495f0777ae0a924efd4a7881c415814f82860d4f28e6c8f9d9203a3332bd0b811b072335f49eeea61be9c5995c7ff0900087c2f7017fc2575651849a5

Download Submit
memory/324-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2180-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download