db8437cad9dcdb379f4c758f9d31cee511897dd2087515aaaa8d8a3c35728d73

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 21:43

Target

c6f74549994666348c5101025f06f460_NeikiAnalytics.exe
Size

73KB
MD5

c6f74549994666348c5101025f06f460
SHA1

7131e0bfda13c644c1494d6a1418aee491781d86
SHA256

db8437cad9dcdb379f4c758f9d31cee511897dd2087515aaaa8d8a3c35728d73
SHA512

e5e451e95f5cfdd541df781a9797a2cf2cde7d82539e6afcf4eb99814ca29d50a65a0c110cc581036e9751544a8439e73d014e0e9340ea7ed57326dee7a8c54d
SSDEEP

1536:hbmlp1EeCWzAFK5QPqfhVWbdsmA+RjPFLC+e5he0ZGUGf2g:h6lp1xCWzaNPqfcxA+HFsheOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3016	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2300	cmd.exe
2300	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2300	2188	c6f74549994666348c5101025f06f460_NeikiAnalytics.exe	29
PID 2188 wrote to memory of 2300	2188	c6f74549994666348c5101025f06f460_NeikiAnalytics.exe	29
PID 2188 wrote to memory of 2300	2188	c6f74549994666348c5101025f06f460_NeikiAnalytics.exe	29
PID 2188 wrote to memory of 2300	2188	c6f74549994666348c5101025f06f460_NeikiAnalytics.exe	29
PID 2300 wrote to memory of 3016	2300	cmd.exe	30
PID 2300 wrote to memory of 3016	2300	cmd.exe	30
PID 2300 wrote to memory of 3016	2300	cmd.exe	30
PID 2300 wrote to memory of 3016	2300	cmd.exe	30
PID 3016 wrote to memory of 2612	3016	[email protected]	31
PID 3016 wrote to memory of 2612	3016	[email protected]	31
PID 3016 wrote to memory of 2612	3016	[email protected]	31
PID 3016 wrote to memory of 2612	3016	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\c6f74549994666348c5101025f06f460_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c6f74549994666348c5101025f06f460_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3016
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2612

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
91a91b35f380efddaaff1fb3bf7d57a3

SHA1
763c96e19ad59180bb822bce7c7b89cec1f2c34a

SHA256
21d92bf774486bcd17141ffb2fc57b628068ff6908c05dcb7e4974805c4ff1f4

SHA512
2818a81331466012b95ac349edbd94ff048bd0e3c3e0001e9b9dac587e484fbdb15cd3cf78beda5b4f17c7414fa1b4fb3b313306abf3c911832cae26beec97ba

Download Submit
memory/2188-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3016-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download