f74b322019399bc3b35fd254f75c910966a22ac507a10c76e527802139df21cf

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 07:10

Target

bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe
Size

73KB
MD5

bd1f5ab902f19cefcbe406743261a440
SHA1

f94d28e4c3771e488cd2c6d27a3e3306d952444f
SHA256

f74b322019399bc3b35fd254f75c910966a22ac507a10c76e527802139df21cf
SHA512

41102819b1b1488119b38a0d52177534afd5e8b61847df4452eccab37e4a2c49a78c59d61948442d80cb91399521b643283d34c10d6761cd90bb7c57442b3aac
SSDEEP

1536:hbdqdHQSgVsNa0PK5QPqfhVWbdsmA+RjPFLC+e5hp0ZGUGf2g:hJUMsNRPNPqfcxA+HFshpOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2648	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2748	cmd.exe
2748	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2748	2976	bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe	29
PID 2976 wrote to memory of 2748	2976	bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe	29
PID 2976 wrote to memory of 2748	2976	bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe	29
PID 2976 wrote to memory of 2748	2976	bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe	29
PID 2748 wrote to memory of 2648	2748	cmd.exe	30
PID 2748 wrote to memory of 2648	2748	cmd.exe	30
PID 2748 wrote to memory of 2648	2748	cmd.exe	30
PID 2748 wrote to memory of 2648	2748	cmd.exe	30
PID 2648 wrote to memory of 3044	2648	[email protected]	31
PID 2648 wrote to memory of 3044	2648	[email protected]	31
PID 2648 wrote to memory of 3044	2648	[email protected]	31
PID 2648 wrote to memory of 3044	2648	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\bd1f5ab902f19cefcbe406743261a440_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:3044

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
b9769a3c0be9c6d321a5381f32836ebf

SHA1
8e831e7e931cf7be1ce51de89da5da8c4d8bcfa0

SHA256
e223a9740c463972a36b3e8813f1ec9bc6080fcd31bffedacf7dc1e7012dfab9

SHA512
bd0ad9a7c53fd9000369eb06b695b1dddbc6160506de80fbb6ef9b46c0b6036aac4f811818009462041ccf1ddc336baf681ddf8ea5892e444fb6ea9d5dbb1042

Download Submit
memory/2648-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2976-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download