5407e29955464145b6af2faf97057f09ff460de10169218d2adcd8af454d5c03

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 10:35

Target

e231d72be2b45a86573eb0c54e7df0b0_NeikiAnalytics.exe
Size

79KB
MD5

e231d72be2b45a86573eb0c54e7df0b0
SHA1

8592a43d44f2c75dcd88566dd15eab3932babc7f
SHA256

5407e29955464145b6af2faf97057f09ff460de10169218d2adcd8af454d5c03
SHA512

e4f300bc5ee23d9df158da0deb01137bb1d488fa04af8a0f0e3bb453775e0444910c48683657d7771186d289f0ca7f7facbd6a0e7f23a41e0c35cec7a8559447
SSDEEP

1536:zveqMOWly+1LMS6T5S0KiOQA8AkqUhMb2nuy5wgIP0CSJ+5y7B8GMGlZ5G:zvevOW916TI0yGdqU7uy5w9WMy7N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2092	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1604	cmd.exe
1604	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1604	1368	e231d72be2b45a86573eb0c54e7df0b0_NeikiAnalytics.exe	29
PID 1368 wrote to memory of 1604	1368	e231d72be2b45a86573eb0c54e7df0b0_NeikiAnalytics.exe	29
PID 1368 wrote to memory of 1604	1368	e231d72be2b45a86573eb0c54e7df0b0_NeikiAnalytics.exe	29
PID 1368 wrote to memory of 1604	1368	e231d72be2b45a86573eb0c54e7df0b0_NeikiAnalytics.exe	29
PID 1604 wrote to memory of 2092	1604	cmd.exe	30
PID 1604 wrote to memory of 2092	1604	cmd.exe	30
PID 1604 wrote to memory of 2092	1604	cmd.exe	30
PID 1604 wrote to memory of 2092	1604	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\e231d72be2b45a86573eb0c54e7df0b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e231d72be2b45a86573eb0c54e7df0b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1604
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2092

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
a0bea1581b562787fa76ef020752e1af

SHA1
7ea7c5bcc500050460548b35fd1d863f3165e194

SHA256
9c03572e9e572dac480e9bcce5f2ba52eeaaf7b7617ae7b6fb8b57751bc0293c

SHA512
5545ba888d38281e15d7e6c92f953e54ceeee2ed32b2a9a03ace317df6f741b6fdb0827e7e23a0e511d08bb0b722019dc4b7241aa26d27e5f67f8940e85be926

Download Submit
memory/1368-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2092-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download