9a098a95caf01540ecf2348d7745790c8068d5563bc2e8412b5a663c6ecbc716

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 16:45

Target

c5184de9b1936e6b8579d5056e8c4f20_NeikiAnalytics.exe
Size

79KB
MD5

c5184de9b1936e6b8579d5056e8c4f20
SHA1

32becd5bca8279c9177429ce81359926d84f8d99
SHA256

9a098a95caf01540ecf2348d7745790c8068d5563bc2e8412b5a663c6ecbc716
SHA512

98e81ca9681143481ac65cb53d27c24a5390861a665a23df34b2afad9e4dc0bed28c46145610892f05e9ba9dc20a089db77f89b1fb93c95afe19fcdc173ec937
SSDEEP

1536:zvXvQ623RLlw9AQrOQA8AkqUhMb2nuy5wgIP0CSJ+5y/B8GMGlZ5G:zv/q3RL69uGdqU7uy5w9WMy/N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1508	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2196	cmd.exe
2196	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2196	2204	c5184de9b1936e6b8579d5056e8c4f20_NeikiAnalytics.exe	29
PID 2204 wrote to memory of 2196	2204	c5184de9b1936e6b8579d5056e8c4f20_NeikiAnalytics.exe	29
PID 2204 wrote to memory of 2196	2204	c5184de9b1936e6b8579d5056e8c4f20_NeikiAnalytics.exe	29
PID 2204 wrote to memory of 2196	2204	c5184de9b1936e6b8579d5056e8c4f20_NeikiAnalytics.exe	29
PID 2196 wrote to memory of 1508	2196	cmd.exe	30
PID 2196 wrote to memory of 1508	2196	cmd.exe	30
PID 2196 wrote to memory of 1508	2196	cmd.exe	30
PID 2196 wrote to memory of 1508	2196	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\c5184de9b1936e6b8579d5056e8c4f20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c5184de9b1936e6b8579d5056e8c4f20_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1508

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5bb9c8c4629818e0282869f73a2c8b30

SHA1
e3f25704d3374f5e1cf93610cde2d2eaff88a1db

SHA256
cf2af20b6521ecb30cde757ee4c56fdfde6fecc4562aba8d618bcbe7afcb58f5

SHA512
40eea51b2f95a6901c07b7a34bfccb92217b7dd6469265ed6021c73e2e986a5e469a3ff4f33dff5141bd0e47392dfbb3271f8c4fec55464042dbe3e090b7b4e0

Download Submit
memory/1508-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2204-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download