4b1dbefdeafcd680de63cc3c985b4cd131c1c3822e0a36297cd474a898dd749b

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 08:40

Target

1ff2d4579e2d7d85696b0108451c5de0_NeikiAnalytics.exe
Size

79KB
MD5

1ff2d4579e2d7d85696b0108451c5de0
SHA1

e68a224eb6cd7de22839b17488b9a3b40d5d8933
SHA256

4b1dbefdeafcd680de63cc3c985b4cd131c1c3822e0a36297cd474a898dd749b
SHA512

21879b11c7e2824331feb57ae45bbc5dd868f13d9abe768e680abf39828392106bb49fa4bca0bd828277c668b781ecbbf01f9c781168185e42be9081e4cf51b6
SSDEEP

1536:zv3zJkiIfCOQA8AkqUhMb2nuy5wgIP0CSJ+5yHB8GMGlZ5G:zv9sGdqU7uy5w9WMyHN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2148	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2016	cmd.exe
2016	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 2016	2456	1ff2d4579e2d7d85696b0108451c5de0_NeikiAnalytics.exe	29
PID 2456 wrote to memory of 2016	2456	1ff2d4579e2d7d85696b0108451c5de0_NeikiAnalytics.exe	29
PID 2456 wrote to memory of 2016	2456	1ff2d4579e2d7d85696b0108451c5de0_NeikiAnalytics.exe	29
PID 2456 wrote to memory of 2016	2456	1ff2d4579e2d7d85696b0108451c5de0_NeikiAnalytics.exe	29
PID 2016 wrote to memory of 2148	2016	cmd.exe	30
PID 2016 wrote to memory of 2148	2016	cmd.exe	30
PID 2016 wrote to memory of 2148	2016	cmd.exe	30
PID 2016 wrote to memory of 2148	2016	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\1ff2d4579e2d7d85696b0108451c5de0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1ff2d4579e2d7d85696b0108451c5de0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2148

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4587757611806328b2217365e25abe9b

SHA1
5ded21cfdc84fce15b33b1a6e917e327953a3c83

SHA256
76410946773f322ccab4b2e3a80383482160dd6290534ec7a22468d5a475e3f2

SHA512
6259aaad78752868138fdb047626f06c4440893275e997d3d2e6c04c230d0e06d2ae217dcac07b4a8c5d96933908e151e137a86e74271d7be7c1a5f558f5c5f7

Download Submit
memory/2148-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2456-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download