7a4e5b83f6dd240e5a1cf9213d210a177ebcb8df3d91b9b5ac50789da7cd1ae2

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 05:39

Target

5008f70ee60c5f895eab1f84bbe95e30_NeikiAnalytics.exe
Size

79KB
MD5

5008f70ee60c5f895eab1f84bbe95e30
SHA1

7bb641149a1a10f7920aa752fa730ed10bc13820
SHA256

7a4e5b83f6dd240e5a1cf9213d210a177ebcb8df3d91b9b5ac50789da7cd1ae2
SHA512

17110bb56d11ae06d6ebae2cce37af8b7396ee479525a59ffdf9c522853eae0253321c50c6fe8c885fe979527c55b7ff480f901e36354b959a5d71cf7a7067c9
SSDEEP

1536:zvvSjrPgawlHWzMLP0OOQA8AkqUhMb2nuy5wgIP0CSJ+5yAB8GMGlZ5G:zvvSj8aKHWgLP0bGdqU7uy5w9WMyAN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2860	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2004	cmd.exe
2004	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2004	2072	5008f70ee60c5f895eab1f84bbe95e30_NeikiAnalytics.exe	29
PID 2072 wrote to memory of 2004	2072	5008f70ee60c5f895eab1f84bbe95e30_NeikiAnalytics.exe	29
PID 2072 wrote to memory of 2004	2072	5008f70ee60c5f895eab1f84bbe95e30_NeikiAnalytics.exe	29
PID 2072 wrote to memory of 2004	2072	5008f70ee60c5f895eab1f84bbe95e30_NeikiAnalytics.exe	29
PID 2004 wrote to memory of 2860	2004	cmd.exe	30
PID 2004 wrote to memory of 2860	2004	cmd.exe	30
PID 2004 wrote to memory of 2860	2004	cmd.exe	30
PID 2004 wrote to memory of 2860	2004	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\5008f70ee60c5f895eab1f84bbe95e30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5008f70ee60c5f895eab1f84bbe95e30_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2860

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c863ae783984785a08fd65a2a8c2ba8b

SHA1
a56724079e03101cb75d83d090de07b863cc3c44

SHA256
93c336c4404d39311d3947947534b8ebb0c50961d02413d32717c4991a10b3d9

SHA512
52256dc25cb078aed3d6e39e662a031f18df5220c68ef54e866033b91b0d58d1e013872438a9929a386595ed959c7d368b30a96588ec2627bb4a0bbc9fca2d3c

Download Submit
memory/2072-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2860-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download