e251ed27d1d7dd362fde3157587023104a5ebf85a1fddbad5e458352376a71e6

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 06:23

Target

3e2aadeb527c2f45008c692b6930b1f0_NeikiAnalytics.exe
Size

79KB
MD5

3e2aadeb527c2f45008c692b6930b1f0
SHA1

ac63f65b42aa2ed0fc8dc5d1010ef55897f35cd6
SHA256

e251ed27d1d7dd362fde3157587023104a5ebf85a1fddbad5e458352376a71e6
SHA512

3ba31b43e9891cd49e3afa4b233d3d260079ca02db07370add0f9623a9c6b3591eb29d6c258478d531360f25b7684a5d654a838bb7b8010a8f80d10515163422
SSDEEP

1536:zvlhoiHiPFWDJOQA8AkqUhMb2nuy5wgIP0CSJ+5yfB8GMGlZ5G:zvVCd/GdqU7uy5w9WMyfN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1328	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1040	cmd.exe
1040	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 1040	2336	3e2aadeb527c2f45008c692b6930b1f0_NeikiAnalytics.exe	31
PID 2336 wrote to memory of 1040	2336	3e2aadeb527c2f45008c692b6930b1f0_NeikiAnalytics.exe	31
PID 2336 wrote to memory of 1040	2336	3e2aadeb527c2f45008c692b6930b1f0_NeikiAnalytics.exe	31
PID 2336 wrote to memory of 1040	2336	3e2aadeb527c2f45008c692b6930b1f0_NeikiAnalytics.exe	31
PID 1040 wrote to memory of 1328	1040	cmd.exe	32
PID 1040 wrote to memory of 1328	1040	cmd.exe	32
PID 1040 wrote to memory of 1328	1040	cmd.exe	32
PID 1040 wrote to memory of 1328	1040	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\3e2aadeb527c2f45008c692b6930b1f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3e2aadeb527c2f45008c692b6930b1f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1040
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1328

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c98a19a6a5070fa041c429481a2dd361

SHA1
f58214d2dd0371eba461a9d1e8ce9990cc4ba348

SHA256
4ff3e98e81020c46fdbf169b8b2c4572f5a9fa51ccb6ee61261117d904bd5ad4

SHA512
c4c646b725795514a7f2aed41e44893828624efe5ad33eafb15ba2baed191f4e2ea52501898f7fe1e6ae462a211284ebd18500717e87e28fec91b18aef613d73

Download Submit
memory/1328-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2336-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download