5085afd0f92f72bd5e4fe5edbe38d092e7c00db2370ff66d0bd2d05c2163153c

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 08:05

Target

ade84edf540fc1cdb305e19091f16690_NeikiAnalytics.exe
Size

79KB
MD5

ade84edf540fc1cdb305e19091f16690
SHA1

7e0b0e6acdc7722d73de1eb64e12a246ea9513d7
SHA256

5085afd0f92f72bd5e4fe5edbe38d092e7c00db2370ff66d0bd2d05c2163153c
SHA512

77c787e559ed0d4fabe311bf71feb875b9b82818fa222da0d08513343d56d973476688293314afe0eec4b11868b98843f74782edc68a339a791ff92141ed86ef
SSDEEP

1536:zvefmYhApBOJYluOQA8AkqUhMb2nuy5wgIP0CSJ+5y4B8GMGlZ5G:zvVYKqJYl7GdqU7uy5w9WMy4N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2944	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2928	cmd.exe
2928	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2928	2420	ade84edf540fc1cdb305e19091f16690_NeikiAnalytics.exe	29
PID 2420 wrote to memory of 2928	2420	ade84edf540fc1cdb305e19091f16690_NeikiAnalytics.exe	29
PID 2420 wrote to memory of 2928	2420	ade84edf540fc1cdb305e19091f16690_NeikiAnalytics.exe	29
PID 2420 wrote to memory of 2928	2420	ade84edf540fc1cdb305e19091f16690_NeikiAnalytics.exe	29
PID 2928 wrote to memory of 2944	2928	cmd.exe	30
PID 2928 wrote to memory of 2944	2928	cmd.exe	30
PID 2928 wrote to memory of 2944	2928	cmd.exe	30
PID 2928 wrote to memory of 2944	2928	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\ade84edf540fc1cdb305e19091f16690_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ade84edf540fc1cdb305e19091f16690_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2944

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3ed5e58ec343b109ba7c0d5b78d97d5b

SHA1
4d13ff2d777b498c78b5cc4b094a60d89d7d8589

SHA256
34d2510653b8e174f3008ceac78508f6df99b3fafa81f45fcb6b795f34043ded

SHA512
20d226df4e5c630e9003842e0431bfb205b57930927678cfe2ca0ecaf33e058e03781451042ae6eb6bbab3d3f94d310df934579217de4998d275830c567c394c

Download Submit
memory/2420-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2944-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download