fd43e6b4d6b17743da4fb55572b13a7ca011c9dfc736097f9d9cbd1febee46c4

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 07:32

Target

9a1db606274005f079f2db41cfdf3f20_NeikiAnalytics.exe
Size

79KB
MD5

9a1db606274005f079f2db41cfdf3f20
SHA1

a3da8c961836d15da1472d0de03f7baebf6ce588
SHA256

fd43e6b4d6b17743da4fb55572b13a7ca011c9dfc736097f9d9cbd1febee46c4
SHA512

82bfebf87027ca4cc78088530c6e243b5e7995ca929809660641198ddd8a3fb426d41faee0a26dd23a4615e99b3a6d9971595219f38b0afdbd5ef17b8e4d6cb4
SSDEEP

1536:zvjRRbIyAsOQA8AkqUhMb2nuy5wgIP0CSJ+5yMB8GMGlZ5G:zvlNIyAZGdqU7uy5w9WMyMN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1936	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1812	cmd.exe
1812	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 1812	2392	9a1db606274005f079f2db41cfdf3f20_NeikiAnalytics.exe	29
PID 2392 wrote to memory of 1812	2392	9a1db606274005f079f2db41cfdf3f20_NeikiAnalytics.exe	29
PID 2392 wrote to memory of 1812	2392	9a1db606274005f079f2db41cfdf3f20_NeikiAnalytics.exe	29
PID 2392 wrote to memory of 1812	2392	9a1db606274005f079f2db41cfdf3f20_NeikiAnalytics.exe	29
PID 1812 wrote to memory of 1936	1812	cmd.exe	30
PID 1812 wrote to memory of 1936	1812	cmd.exe	30
PID 1812 wrote to memory of 1936	1812	cmd.exe	30
PID 1812 wrote to memory of 1936	1812	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\9a1db606274005f079f2db41cfdf3f20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9a1db606274005f079f2db41cfdf3f20_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1812
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1936

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
b13d4647f77a0711ad21c0e645189de9

SHA1
01f32c2814085e02c9b840a74ef31f0a757e9239

SHA256
622f9b967ef458a865650c487ecb3568fe6f854773401487b51b62a825a7ed47

SHA512
19d035d308bc5907a87b2237ad435767e6eeee22a402a19fb2bd15ad1829d8239c05d4c37bea2ce265841bae75e90854ff30a605dea5e1175ac461c44ed37c36

Download Submit
memory/1936-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2392-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download