4ce435083c1441b1343fe7313e0aaa09b32cc27f9e5400ce6a4e4b8b5620fbdc

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:58

Target

72dae57d6ea342f813d192990cdd00b0_NeikiAnalytics.exe
Size

114KB
MD5

72dae57d6ea342f813d192990cdd00b0
SHA1

d5b2834bddcc9bf8aa62a9d86a4fcf81a9c5b13a
SHA256

4ce435083c1441b1343fe7313e0aaa09b32cc27f9e5400ce6a4e4b8b5620fbdc
SHA512

71efe924e734ffe9fda6111065d4eafb0eee0411ee8b098c1f1d4e7782a6a95e3f095534a543f3c357fbaf2944a205d92c16c94ff64407c700743b56a231ce0c
SSDEEP

1536:Y7fbN3eEphDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfSw77O6:27phdC6kzWypvaQ0FxyNTBfSI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

72dae57d6ea342f813d192990cdd00b0_NeikiAnalytics.execmd.exe

description	pid	process	target process
PID 1180 wrote to memory of 2660	1180	72dae57d6ea342f813d192990cdd00b0_NeikiAnalytics.exe	cmd.exe
PID 1180 wrote to memory of 2660	1180	72dae57d6ea342f813d192990cdd00b0_NeikiAnalytics.exe	cmd.exe
PID 1180 wrote to memory of 2660	1180	72dae57d6ea342f813d192990cdd00b0_NeikiAnalytics.exe	cmd.exe
PID 1180 wrote to memory of 2660	1180	72dae57d6ea342f813d192990cdd00b0_NeikiAnalytics.exe	cmd.exe
PID 2660 wrote to memory of 3032	2660	cmd.exe	iexpress.exe
PID 2660 wrote to memory of 3032	2660	cmd.exe	iexpress.exe
PID 2660 wrote to memory of 3032	2660	cmd.exe	iexpress.exe

C:\Users\Admin\AppData\Local\Temp\72dae57d6ea342f813d192990cdd00b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\72dae57d6ea342f813d192990cdd00b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1180

C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\6E4.tmp\6E5.tmp\6E6.bat C:\Users\Admin\AppData\Local\Temp\72dae57d6ea342f813d192990cdd00b0_NeikiAnalytics.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:2660

C:\Windows\system32\iexpress.exe
iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\hid.sed
3⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\6E4.tmp\6E5.tmp\6E6.bat

Filesize
1KB

MD5
da9a8db30b2193eb306fd377ddc09822

SHA1
2b14a8683d1faca6bd607d0ae398cb95c36ab6f5

SHA256
9a36afba88e927c8bb2a67791db72d7575c9b89639e7b5e265b49b965d1fa34f

SHA512
2055ae22207643f89e211db4272a7c8ef559535f8c5566098cceb0f05eaddf1f0a9e93f94b38885e10b715abae17ae33855b8dbbcc19a3c3db9aecda51ca5cfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\hid.sed

Filesize
114KB

MD5
f8007e726fcc84b140e926895999bae8

SHA1
6e7c1f55984e5e2f22e671fe3b08ba221e974e61

SHA256
35215674df47f2bb08a73f6df8f8478ca3f7597b1edcb34bb6bcc8bca93c2ba0

SHA512
30c8624b89274fcd3a94805e4979d15608fe46e71f12cffebed88d4ef7d552bd9f73ed5ce6e16025fc6fc69da5e30f104cfd7fb71867eeebd66645142a75bfa8

Download Submit
memory/1180-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1180-8-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download