f66bcd198de4ac69cd0b263d00a4bdc8d8c6a6e02bebde6204ae2abfe0a60c7c

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 07:06

Target

9d8eb02e82f9f8833de88ef6144e8d90_NeikiAnalytics.exe
Size

79KB
MD5

9d8eb02e82f9f8833de88ef6144e8d90
SHA1

5637ce7e9daa65f695bfd3c66dc69acf3cacd1e3
SHA256

f66bcd198de4ac69cd0b263d00a4bdc8d8c6a6e02bebde6204ae2abfe0a60c7c
SHA512

d3e8169f20e8167c74bd66ceba0cea8dfdbbafd1237a66cdcd9a5298166fe4f43bf8615efd3af32bbf172e9572bf210c516b4359ca94abd45b9eb9cd450ef6cd
SSDEEP

1536:zvXObzfMmFJA4r0BOQA8AkqUhMb2nuy5wgIP0CSJ+5yPB8GMGlZ5G:zvXOnkmw4rdGdqU7uy5w9WMyPN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1144	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1148	cmd.exe
1148	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 1148	1684	9d8eb02e82f9f8833de88ef6144e8d90_NeikiAnalytics.exe	29
PID 1684 wrote to memory of 1148	1684	9d8eb02e82f9f8833de88ef6144e8d90_NeikiAnalytics.exe	29
PID 1684 wrote to memory of 1148	1684	9d8eb02e82f9f8833de88ef6144e8d90_NeikiAnalytics.exe	29
PID 1684 wrote to memory of 1148	1684	9d8eb02e82f9f8833de88ef6144e8d90_NeikiAnalytics.exe	29
PID 1148 wrote to memory of 1144	1148	cmd.exe	30
PID 1148 wrote to memory of 1144	1148	cmd.exe	30
PID 1148 wrote to memory of 1144	1148	cmd.exe	30
PID 1148 wrote to memory of 1144	1148	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\9d8eb02e82f9f8833de88ef6144e8d90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9d8eb02e82f9f8833de88ef6144e8d90_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1148
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1144

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c4c9a5fc18db7cafcc45ed089fbb4b22

SHA1
02d5f6891e55bb8c6898752ad0fa69bf0f467eec

SHA256
69b8b1abeef666bc45fc75b97f67b34a2fd20adc1f326fded262da060f60ff16

SHA512
ccdf834ef9ed62a6636f2b8e54e7a6f20615ca89c2292f0ecf7d521372adf5ada16ed072d86820deb13a4c6d0a6550be0698a5c6b0f9f4f02d07c37034baaca1

Download Submit
memory/1144-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1684-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download