1f1596a0b9760af6bc2f87bf0b3757ed5a2da7be584d901bd57b77e40158ff10

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 04:25

Target

abe2c1946ab28ff1f776dda732274600_NeikiAnalytics.exe
Size

79KB
MD5

abe2c1946ab28ff1f776dda732274600
SHA1

0f63faa805c921c207f6169186835843123713cd
SHA256

1f1596a0b9760af6bc2f87bf0b3757ed5a2da7be584d901bd57b77e40158ff10
SHA512

13583025d2565c407a8cc6e5d7ac704be0c7f94639e0acd6cfd152356ded5408a75733ddfa83d954c9edbee41bbeb961590f76b7cb17b489087b948c567a1ed2
SSDEEP

1536:zvsbwww3DBuynr47rQk2GOQA8AkqUhMb2nuy5wgIP0CSJ+5y8BB8GMGlZ5G:zvsKDdrwJ8GdqU7uy5w9WMy8BN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2248	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2652	cmd.exe
2652	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2652	2372	abe2c1946ab28ff1f776dda732274600_NeikiAnalytics.exe	29
PID 2372 wrote to memory of 2652	2372	abe2c1946ab28ff1f776dda732274600_NeikiAnalytics.exe	29
PID 2372 wrote to memory of 2652	2372	abe2c1946ab28ff1f776dda732274600_NeikiAnalytics.exe	29
PID 2372 wrote to memory of 2652	2372	abe2c1946ab28ff1f776dda732274600_NeikiAnalytics.exe	29
PID 2652 wrote to memory of 2248	2652	cmd.exe	30
PID 2652 wrote to memory of 2248	2652	cmd.exe	30
PID 2652 wrote to memory of 2248	2652	cmd.exe	30
PID 2652 wrote to memory of 2248	2652	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\abe2c1946ab28ff1f776dda732274600_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\abe2c1946ab28ff1f776dda732274600_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2248

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f793679df42f0d20f182e2161be9d8d1

SHA1
d4b8824d9ff86ad584d7208ac5381920f5fa2ce6

SHA256
f96aadfd37c39a8002fe4a859254cb5220bc61e53e722a74c1044bd009128656

SHA512
c1158bf8cedb5bf3f2d15c067f863dfe9a5ae27ae94cdaa04e3ea3888b65c8a2392ab4ded3173eb95a83beed849dfad0d9bafc3da72348382a80b08e1744802f

Download Submit
memory/2248-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2372-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download