21084538460fab7054ce1a27b7761de1e7f546a0db7a7adb5dc874047c534667

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 19:42

Target

ba37587694731d015371e8240194fc20_NeikiAnalytics.exe
Size

79KB
MD5

ba37587694731d015371e8240194fc20
SHA1

9d419331944c9ee44865521cf3f9aa5001c706bb
SHA256

21084538460fab7054ce1a27b7761de1e7f546a0db7a7adb5dc874047c534667
SHA512

616e671649e89080b19fb155a4cb1b5bb32a5ec07436b1c47fe81b24189a701cf8a8a005c3aca7fa302396cb3ed60367f5fde8aac19d8fbdbcd66e6c89a4c2db
SSDEEP

1536:zvtCL7dPmK9gv/OQA8AkqUhMb2nuy5wgIP0CSJ+5yrB8GMGlZ5G:zvt+uKa2GdqU7uy5w9WMyrN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2972	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
112	cmd.exe
112	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 112	1760	ba37587694731d015371e8240194fc20_NeikiAnalytics.exe	29
PID 1760 wrote to memory of 112	1760	ba37587694731d015371e8240194fc20_NeikiAnalytics.exe	29
PID 1760 wrote to memory of 112	1760	ba37587694731d015371e8240194fc20_NeikiAnalytics.exe	29
PID 1760 wrote to memory of 112	1760	ba37587694731d015371e8240194fc20_NeikiAnalytics.exe	29
PID 112 wrote to memory of 2972	112	cmd.exe	30
PID 112 wrote to memory of 2972	112	cmd.exe	30
PID 112 wrote to memory of 2972	112	cmd.exe	30
PID 112 wrote to memory of 2972	112	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\ba37587694731d015371e8240194fc20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ba37587694731d015371e8240194fc20_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:112
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2972

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d7a02939d273a7a0ea405b8fab4bf1fd

SHA1
7490af66bc4cc57957488b4053fc9f0679d1dfc0

SHA256
09d84b8ec0a28dd0e84b2814ae83b8113ac0d31066555f57e7abd88a9ddaa04c

SHA512
a25146bf7a4eee5bdb2874a85b8fb9a95279212f0e757ec635e9d1c7c72c21cd36ddadbfad38fb028fe3f15b097faafa5354af0795e51bc72578d468fb6c55dc

Download Submit
memory/1760-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2972-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download