2459e3202ebe671d832d4d955d90fbc8492eea37441d44e9a829e845fda7fa2f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 07:36

Target

2731de8ed874b9aab83dc3c4114c4d50_NeikiAnalytics.exe
Size

79KB
MD5

2731de8ed874b9aab83dc3c4114c4d50
SHA1

6c4a2bf1439eb4bcfd9f4a15572406e692efb63c
SHA256

2459e3202ebe671d832d4d955d90fbc8492eea37441d44e9a829e845fda7fa2f
SHA512

106e22bbcaa8f5aab2e0a7fa308c7f8b483f41963901d6f94f4d5064e73eb02e549790c43f4e2f915e03e71421bba57a8f10f6104f416b3f68f15bf33b54ca01
SSDEEP

1536:zvX2ZU/Aq5V75wxXeZXOQA8AkqUhMb2nuy5wgIP0CSJ+5yYB8GMGlZ5G:zvGSn7+lLGdqU7uy5w9WMyYN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2928	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1928	cmd.exe
1928	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1928	1708	2731de8ed874b9aab83dc3c4114c4d50_NeikiAnalytics.exe	29
PID 1708 wrote to memory of 1928	1708	2731de8ed874b9aab83dc3c4114c4d50_NeikiAnalytics.exe	29
PID 1708 wrote to memory of 1928	1708	2731de8ed874b9aab83dc3c4114c4d50_NeikiAnalytics.exe	29
PID 1708 wrote to memory of 1928	1708	2731de8ed874b9aab83dc3c4114c4d50_NeikiAnalytics.exe	29
PID 1928 wrote to memory of 2928	1928	cmd.exe	30
PID 1928 wrote to memory of 2928	1928	cmd.exe	30
PID 1928 wrote to memory of 2928	1928	cmd.exe	30
PID 1928 wrote to memory of 2928	1928	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\2731de8ed874b9aab83dc3c4114c4d50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2731de8ed874b9aab83dc3c4114c4d50_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1928
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2928

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
83e4c6ec72e6574b7d004a7d27776551

SHA1
e8703dbf94496fa4c1dccb1b6b09ad205e92fbb2

SHA256
657382af878784e8fedc6d79f59a6204ffbe51610d7455995ee43083a76cd3cb

SHA512
a0af26cc32610d8751ade5ba94632a971892f9b0f7f5a3bbce945df198e8086d0eed2a3a7f789c0b344544af561e0b1af5e466f54e8e067fd1c8fbaf5c12fcf5

Download Submit
memory/1708-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2928-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download