a7589fa55f577c4ce07d1eaaa169ae49755a86d5d793d0d1ae52a2022d93dff1

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 16:31

Target

c6161aa76f806aafc1c1a9f171afd6c0_NeikiAnalytics.exe
Size

79KB
MD5

c6161aa76f806aafc1c1a9f171afd6c0
SHA1

96c829f2a9b83b971183fedbd20443e5a37f08e1
SHA256

a7589fa55f577c4ce07d1eaaa169ae49755a86d5d793d0d1ae52a2022d93dff1
SHA512

6e1db51788828c3679c78963ed25bb76cc712d86dedbd012afad95ddf00107242b5827c39a6ab31cec97cd9437b14a0f1aa3c25a6ec32558b5319e06594aa4e4
SSDEEP

1536:zvT7GBZqOQA8AkqUhMb2nuy5wgIP0CSJ+5y3B8GMGlZ5G:zvT7YfGdqU7uy5w9WMy3N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
592	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
528	cmd.exe
528	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 528	2148	c6161aa76f806aafc1c1a9f171afd6c0_NeikiAnalytics.exe	29
PID 2148 wrote to memory of 528	2148	c6161aa76f806aafc1c1a9f171afd6c0_NeikiAnalytics.exe	29
PID 2148 wrote to memory of 528	2148	c6161aa76f806aafc1c1a9f171afd6c0_NeikiAnalytics.exe	29
PID 2148 wrote to memory of 528	2148	c6161aa76f806aafc1c1a9f171afd6c0_NeikiAnalytics.exe	29
PID 528 wrote to memory of 592	528	cmd.exe	30
PID 528 wrote to memory of 592	528	cmd.exe	30
PID 528 wrote to memory of 592	528	cmd.exe	30
PID 528 wrote to memory of 592	528	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\c6161aa76f806aafc1c1a9f171afd6c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c6161aa76f806aafc1c1a9f171afd6c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:528
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:592

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a9d5991de0a96de4610f8143caa565cd

SHA1
3e0ab984031d7e3ea08af8f9e1e31d206a57a0e8

SHA256
addbb0ab79617bb703469606fefe4206c053959d445bb33ec6865aee79e71bdb

SHA512
6c49cd915489e7750357afea5da84946444174158574261614afda769b789140d974d9ef55a4a92fa8bb5cf3242a6034ecb7505f117cdfd47f61d6da209222bb

Download Submit
memory/592-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2148-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download