608b4d4ca981cf9ae97ca65c738cd68eb76453aee93433410e8e57d529fe285c

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 00:13

Target

ae83019c7dfe5eaa937fb21eaabcf270_NeikiAnalytics.exe
Size

73KB
MD5

ae83019c7dfe5eaa937fb21eaabcf270
SHA1

cfb5118504be965b1807a78023508b27567329a5
SHA256

608b4d4ca981cf9ae97ca65c738cd68eb76453aee93433410e8e57d529fe285c
SHA512

af1d8a16a8ff4a87544ed535265409d1fc1e2cf4186a168b8b5e78cc7b4cadd8003424a4758ee7ccc10f0f6c8c409b43fdb198c7b34b3b7e2a471c1adbab2e54
SSDEEP

1536:hbS7jwHOIGK5QPqfhVWbdsmA+RjPFLC+e5h1HQ0ZGUGf2g:h4jpVNPqfcxA+HFsh1wOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2332	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2888	cmd.exe
2888	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2888	2320	ae83019c7dfe5eaa937fb21eaabcf270_NeikiAnalytics.exe	29
PID 2320 wrote to memory of 2888	2320	ae83019c7dfe5eaa937fb21eaabcf270_NeikiAnalytics.exe	29
PID 2320 wrote to memory of 2888	2320	ae83019c7dfe5eaa937fb21eaabcf270_NeikiAnalytics.exe	29
PID 2320 wrote to memory of 2888	2320	ae83019c7dfe5eaa937fb21eaabcf270_NeikiAnalytics.exe	29
PID 2888 wrote to memory of 2332	2888	cmd.exe	30
PID 2888 wrote to memory of 2332	2888	cmd.exe	30
PID 2888 wrote to memory of 2332	2888	cmd.exe	30
PID 2888 wrote to memory of 2332	2888	cmd.exe	30
PID 2332 wrote to memory of 2252	2332	[email protected]	31
PID 2332 wrote to memory of 2252	2332	[email protected]	31
PID 2332 wrote to memory of 2252	2332	[email protected]	31
PID 2332 wrote to memory of 2252	2332	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\ae83019c7dfe5eaa937fb21eaabcf270_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ae83019c7dfe5eaa937fb21eaabcf270_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2332
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2252

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
468dba77c56d1de1d1f778c6f126d6cc

SHA1
c5e3fd92583fabb15ce866879f35cd026b312e6a

SHA256
dc52bd303e032bcbab4d90c47fd62470fd5b35412fc7efdfee5eb86368a0003b

SHA512
48011173444d2ae09bccbcf3aa08de1311e9de4046dca878e7c05507470fc7b38e09fe31416060703865aaf6ec0aa149ed26a913c1fb9be5a633cb32e4f51084

Download Submit
memory/2320-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2332-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download