2d87c4b7429a28bd5d3e3f47209fe5feacbea4973f534243c1f3d275d34976b1

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 23:29

Target

358ebdc22fa4d1ee61bd7bae1640ce00_NeikiAnalytics.exe
Size

79KB
MD5

358ebdc22fa4d1ee61bd7bae1640ce00
SHA1

280d036abcb06fecb6eb5b6a97aa64c5bafdbed3
SHA256

2d87c4b7429a28bd5d3e3f47209fe5feacbea4973f534243c1f3d275d34976b1
SHA512

0acaf129a14c6867dddda7f2533071abef5499c1895089dd9bf11e1eabddc179b250522268f69476429374fecb84e7c64180e28dfbba4f18f76608c5f6849386
SSDEEP

1536:zvwmwwGfvoYmS3uOQA8AkqUhMb2nuy5wgIP0CSJ+5ydSB8GMGlZ5G:zvRcQYpGdqU7uy5w9WMysN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2076	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2068	cmd.exe
2068	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2068	2932	358ebdc22fa4d1ee61bd7bae1640ce00_NeikiAnalytics.exe	30
PID 2932 wrote to memory of 2068	2932	358ebdc22fa4d1ee61bd7bae1640ce00_NeikiAnalytics.exe	30
PID 2932 wrote to memory of 2068	2932	358ebdc22fa4d1ee61bd7bae1640ce00_NeikiAnalytics.exe	30
PID 2932 wrote to memory of 2068	2932	358ebdc22fa4d1ee61bd7bae1640ce00_NeikiAnalytics.exe	30
PID 2068 wrote to memory of 2076	2068	cmd.exe	31
PID 2068 wrote to memory of 2076	2068	cmd.exe	31
PID 2068 wrote to memory of 2076	2068	cmd.exe	31
PID 2068 wrote to memory of 2076	2068	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\358ebdc22fa4d1ee61bd7bae1640ce00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\358ebdc22fa4d1ee61bd7bae1640ce00_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2068
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2076

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ed085d0475b6866d75d070839f59d17c

SHA1
718a6d57bc14b1a75229b7fc1497a1b01243da1b

SHA256
57ad3d84c744967175dd65e6c1c789947e41448e509b3bd339350b30f26e82ad

SHA512
0c58438abf537de01199a0da0ca13bd22a1892a8f3e2605f6bd236760369d67f5cb957c874b60092f1155011fafdb6208b6ca98889d59b250217bf6191286452

Download Submit
memory/2076-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2932-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download