43249d618936e24063634715523dd317fb3b4b9758682a6bcc3d4ef8738aaa0e

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 20:35

Target

b4265ec586eac5a7126274af94573a00_NeikiAnalytics.exe
Size

73KB
MD5

b4265ec586eac5a7126274af94573a00
SHA1

936a19bac085d3e48fad4e1805217b0bdf6e5dd2
SHA256

43249d618936e24063634715523dd317fb3b4b9758682a6bcc3d4ef8738aaa0e
SHA512

6a46669bcf350c14c62ff518cf6222af476450447e4451d5a40b5015fd15e19ad3daa58a3e341fd47518f96e4c3a4fe4d6ffaad0a877387d7d795a3a14973ea9
SSDEEP

1536:hb1UpKcrK5QPqfhVWbdsmA+RjPFLC+e5h52A0ZGUGf2g:hpUYWNPqfcxA+HFsh52AOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2884	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2172	cmd.exe
2172	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2172	2184	b4265ec586eac5a7126274af94573a00_NeikiAnalytics.exe	29
PID 2184 wrote to memory of 2172	2184	b4265ec586eac5a7126274af94573a00_NeikiAnalytics.exe	29
PID 2184 wrote to memory of 2172	2184	b4265ec586eac5a7126274af94573a00_NeikiAnalytics.exe	29
PID 2184 wrote to memory of 2172	2184	b4265ec586eac5a7126274af94573a00_NeikiAnalytics.exe	29
PID 2172 wrote to memory of 2884	2172	cmd.exe	30
PID 2172 wrote to memory of 2884	2172	cmd.exe	30
PID 2172 wrote to memory of 2884	2172	cmd.exe	30
PID 2172 wrote to memory of 2884	2172	cmd.exe	30
PID 2884 wrote to memory of 2488	2884	[email protected]	31
PID 2884 wrote to memory of 2488	2884	[email protected]	31
PID 2884 wrote to memory of 2488	2884	[email protected]	31
PID 2884 wrote to memory of 2488	2884	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\b4265ec586eac5a7126274af94573a00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b4265ec586eac5a7126274af94573a00_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2488

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
d5b9dcb8444a47db49463a4de887f27b

SHA1
4d4ba9dd11d962dba57514fce46170c5702d856b

SHA256
c3082693c34480888e6ef9f415023d4975c3db3e47b84981fec8bd0d9edd3b8a

SHA512
8dbb80d83a5d0509c4c8bd1ac5cba7db7873432bb8f34d0481182e58b7fb4336e58c3516820a9d292aeead92088c65c1949b1f57ad68eaf2ee9e615c7958916d

Download Submit
memory/2184-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2884-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download