014bf438f5fe87b881ddaca79b72fdca0e01556fee19afb58d0adb7cfe27ed25

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 17:30

Target

cd50a4dc36a7b5e8423ef07878768720_NeikiAnalytics.exe
Size

79KB
MD5

cd50a4dc36a7b5e8423ef07878768720
SHA1

2ca62e77459c9a19f981c4c05b61b1319c15f008
SHA256

014bf438f5fe87b881ddaca79b72fdca0e01556fee19afb58d0adb7cfe27ed25
SHA512

2c33f9c6b451e87ce83834e5c964b8d8c66c020ff1d960223f9151ad5f5ca1ce99440ec349441ea8324f7702593c72727444bf5870ea23fd1d4d01f0224d58b4
SSDEEP

1536:zv3yCHpuHMR5KOQA8AkqUhMb2nuy5wgIP0CSJ+5yMB8GMGlZ5G:zvi0uHM3/GdqU7uy5w9WMyMN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2696	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2736	cmd.exe
2736	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2736	2380	cd50a4dc36a7b5e8423ef07878768720_NeikiAnalytics.exe	29
PID 2380 wrote to memory of 2736	2380	cd50a4dc36a7b5e8423ef07878768720_NeikiAnalytics.exe	29
PID 2380 wrote to memory of 2736	2380	cd50a4dc36a7b5e8423ef07878768720_NeikiAnalytics.exe	29
PID 2380 wrote to memory of 2736	2380	cd50a4dc36a7b5e8423ef07878768720_NeikiAnalytics.exe	29
PID 2736 wrote to memory of 2696	2736	cmd.exe	30
PID 2736 wrote to memory of 2696	2736	cmd.exe	30
PID 2736 wrote to memory of 2696	2736	cmd.exe	30
PID 2736 wrote to memory of 2696	2736	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\cd50a4dc36a7b5e8423ef07878768720_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cd50a4dc36a7b5e8423ef07878768720_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2696

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
94208e3689d5c2a10735f846e27f5af8

SHA1
cb4d0682934ef079d157f99c8a8ff05af82e2612

SHA256
3142402cf8a5e5aa6c930c154f90dbff8a5542fa79d0d5212c315b9308f4a907

SHA512
730ce5848c71f9cf28806249402721c01a141fe953246bb17c17fe50d8d16e3b77c0dd14d492000520a74b2a31cb3e03de134a47c04b804aa05255fb6a3a2fc7

Download Submit
memory/2380-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2696-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download