4ca72dc49b4c0fdea7150fede53cbcc8380d6628cd59c1480df368669e63f48b

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 09:38

Target

89caf8e89b0d7115d7a1f02341bdab70_NeikiAnalytics.exe
Size

79KB
MD5

89caf8e89b0d7115d7a1f02341bdab70
SHA1

101c0b95b44f6de66987eacc1cc0c743fa276d28
SHA256

4ca72dc49b4c0fdea7150fede53cbcc8380d6628cd59c1480df368669e63f48b
SHA512

9ee6663248cce2223c173136cc3bc2f34f8c408ce5ccbff48e7239e33e6f6acdb982555314efb02d352ff20f8cd91ea78bd135f9e5717ee486a713f15f2bd9ef
SSDEEP

1536:zvutflb9x7eB1xqz4OQA8AkqUhMb2nuy5wgIP0CSJ+5yXnB8GMGlZ5G:zvKtb99ebQpGdqU7uy5w9WMyXN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2684	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1932	cmd.exe
1932	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 1932	2156	89caf8e89b0d7115d7a1f02341bdab70_NeikiAnalytics.exe	29
PID 2156 wrote to memory of 1932	2156	89caf8e89b0d7115d7a1f02341bdab70_NeikiAnalytics.exe	29
PID 2156 wrote to memory of 1932	2156	89caf8e89b0d7115d7a1f02341bdab70_NeikiAnalytics.exe	29
PID 2156 wrote to memory of 1932	2156	89caf8e89b0d7115d7a1f02341bdab70_NeikiAnalytics.exe	29
PID 1932 wrote to memory of 2684	1932	cmd.exe	30
PID 1932 wrote to memory of 2684	1932	cmd.exe	30
PID 1932 wrote to memory of 2684	1932	cmd.exe	30
PID 1932 wrote to memory of 2684	1932	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\89caf8e89b0d7115d7a1f02341bdab70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\89caf8e89b0d7115d7a1f02341bdab70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1932
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2684

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
29efed8fed2b21187642d1dd82a102a7

SHA1
5f24af93e943f90741b2a96f38010878a4b1f056

SHA256
47fef0edf9ed01cc71623d19fcbae3fb5260740fc69ebd651d442d1b05b0fc2e

SHA512
34bbabe8920ad8b0af70310f2fee4fd31f3081044505c04845329e7ec4d1be54a8d5fcc2ab40f029c5b58636bf9a2e2d54ac3ed8aea8d1055b920ab73a09ffbd

Download Submit
memory/2156-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2684-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download