95f149b399a2079bf9c0231281cbbf94b34699b0dbcf7c2f949ae2cb7b61a126

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:15

Target

6dde0292e4cb12ada3e0f66b473824c0_NeikiAnalytics.exe
Size

79KB
MD5

6dde0292e4cb12ada3e0f66b473824c0
SHA1

866d638edae01a6b1cb496981a81be68efeafc05
SHA256

95f149b399a2079bf9c0231281cbbf94b34699b0dbcf7c2f949ae2cb7b61a126
SHA512

521fd95fe3280317558fcf00c1ca6d3640153b2394d30868a4dc052aa6d6d4da011e1a9d78e8dd979b5b71a32093c407112b284c7c8b777ae08311ef7c028f00
SSDEEP

1536:zvm5Om0rld8Ms1FAOgSmOQA8AkqUhMb2nuy5wgIP0CSJ+5ydB8GMGlZ5G:zvm5OTld8r1QSjGdqU7uy5w9WMydN5G

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

[email protected]

pid process

2548 [email protected]
Loads dropped DLL 2 IoCs

Processes:

cmd.exe

pid process

2236 cmd.exe
2236 cmd.exe

pid	process
2548	[email protected]

pid	process
2236	cmd.exe
2236	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

6dde0292e4cb12ada3e0f66b473824c0_NeikiAnalytics.execmd.exe

description	pid	process	target process
PID 2068 wrote to memory of 2236	2068	6dde0292e4cb12ada3e0f66b473824c0_NeikiAnalytics.exe	cmd.exe
PID 2068 wrote to memory of 2236	2068	6dde0292e4cb12ada3e0f66b473824c0_NeikiAnalytics.exe	cmd.exe
PID 2068 wrote to memory of 2236	2068	6dde0292e4cb12ada3e0f66b473824c0_NeikiAnalytics.exe	cmd.exe
PID 2068 wrote to memory of 2236	2068	6dde0292e4cb12ada3e0f66b473824c0_NeikiAnalytics.exe	cmd.exe
PID 2236 wrote to memory of 2548	2236	cmd.exe	[email protected]
PID 2236 wrote to memory of 2548	2236	cmd.exe	[email protected]
PID 2236 wrote to memory of 2548	2236	cmd.exe	[email protected]
PID 2236 wrote to memory of 2548	2236	cmd.exe	[email protected]

C:\Users\Admin\AppData\Local\Temp\6dde0292e4cb12ada3e0f66b473824c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6dde0292e4cb12ada3e0f66b473824c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2548

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
af4e0d862d98f09fd326f23bc42ecfea

SHA1
02f6063f383d09c729e4af4ae622328aaf12137b

SHA256
e2a8708471988a18486f6f78aaf5c72c2d1f356ed460ddb0acfa2f72a42ba463

SHA512
b561252624a28f32b253c81f3328c2aa2fda292d4067411ac3e04d2598c9ee6daa1758be4f618ac239cae955ff0b0b0f0f0958fca44b04c9374ca7dbf3281983

Download Submit
memory/2068-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2548-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download