403beb8f0c98e14c4ca76a782a088efacabc2273e6b94e79b8c9c82a429c1509

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 03:14

Target

dd5389c5a10803651672979f0ec1aeb0_NeikiAnalytics.exe
Size

79KB
MD5

dd5389c5a10803651672979f0ec1aeb0
SHA1

3aa6cdf5c500063d126264582b5e12e66e3b335f
SHA256

403beb8f0c98e14c4ca76a782a088efacabc2273e6b94e79b8c9c82a429c1509
SHA512

b2b7280f03d8733de4a502e28f2eb8769e0de030a762416919676059e21c5927415da3ed2a75eb254757121fdf64621c818ebb4737c49b52ffa2a3cfaeb8e53b
SSDEEP

1536:zvJwHNRJptc2hR5XOQA8AkqUhMb2nuy5wgIP0CSJ+5y+uB8GMGlZ5G:zvWrHhR5eGdqU7uy5w9WMy+uN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2988	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2932	cmd.exe
2932	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1004 wrote to memory of 2932	1004	dd5389c5a10803651672979f0ec1aeb0_NeikiAnalytics.exe	29
PID 1004 wrote to memory of 2932	1004	dd5389c5a10803651672979f0ec1aeb0_NeikiAnalytics.exe	29
PID 1004 wrote to memory of 2932	1004	dd5389c5a10803651672979f0ec1aeb0_NeikiAnalytics.exe	29
PID 1004 wrote to memory of 2932	1004	dd5389c5a10803651672979f0ec1aeb0_NeikiAnalytics.exe	29
PID 2932 wrote to memory of 2988	2932	cmd.exe	30
PID 2932 wrote to memory of 2988	2932	cmd.exe	30
PID 2932 wrote to memory of 2988	2932	cmd.exe	30
PID 2932 wrote to memory of 2988	2932	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\dd5389c5a10803651672979f0ec1aeb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\dd5389c5a10803651672979f0ec1aeb0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2988

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a0bdb9aca7196477fd67daf63cde1fa3

SHA1
bf480c349134f601951b19792694bdecec9ff19e

SHA256
4c95401ff425de9324b861369c06cefaf4c9f054a357fcd18816df75fe4d3489

SHA512
ded97fe88f4ee3c31dbb52ee1c68d02930369dc31ab82a2b9074c76c2f12e8277a24a79814dac210052ef3a1314867849c8adaf945873c615f187ca9f708243f

Download Submit
memory/1004-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2988-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download