b62d1195eb92ad1c6962ab99dbbfc4483285e012ae2f71e33b2d7c55d7260c96

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 01:42

Target

8c338077566d1026dcb108eacad51ab0_NeikiAnalytics.exe
Size

79KB
MD5

8c338077566d1026dcb108eacad51ab0
SHA1

bc9907485a800345ca2eae64a42737166dfcf318
SHA256

b62d1195eb92ad1c6962ab99dbbfc4483285e012ae2f71e33b2d7c55d7260c96
SHA512

665ba1f90d681f3bfd7681befa9dee67c449379dc66eac754c25c4637491249ac09ebf0f4d449d62212df2246069653301136551502bf77439d7eb07f9524e57
SSDEEP

1536:zv4au8qeCIW7WU8ikh4OQA8AkqUhMb2nuy5wgIP0CSJ+5yIyB8GMGlZ5G:zvkzvIbHZhdGdqU7uy5w9WMynN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1264	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2328	cmd.exe
2328	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2328	2748	8c338077566d1026dcb108eacad51ab0_NeikiAnalytics.exe	29
PID 2748 wrote to memory of 2328	2748	8c338077566d1026dcb108eacad51ab0_NeikiAnalytics.exe	29
PID 2748 wrote to memory of 2328	2748	8c338077566d1026dcb108eacad51ab0_NeikiAnalytics.exe	29
PID 2748 wrote to memory of 2328	2748	8c338077566d1026dcb108eacad51ab0_NeikiAnalytics.exe	29
PID 2328 wrote to memory of 1264	2328	cmd.exe	30
PID 2328 wrote to memory of 1264	2328	cmd.exe	30
PID 2328 wrote to memory of 1264	2328	cmd.exe	30
PID 2328 wrote to memory of 1264	2328	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\8c338077566d1026dcb108eacad51ab0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8c338077566d1026dcb108eacad51ab0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1264

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a335f495ce0e3982e1bb4b969b018afc

SHA1
c94a0afd687b671d683a9eeab57011238c1359f0

SHA256
1dff6c8faa4e398b3b11d3453bc26cb625ca227bf6f791e86eb55a9e54ba6298

SHA512
7d29a95833ddefeac49e5e90b9d9fdf693dbfa7cbada428d9b7521043863956fa5c9fc1cb3c161ad58df8277702f4c9a37b3b1e4d2304f9befb467ce69ae2807

Download Submit
memory/1264-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2748-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download