01c143677ef0bced816120c4230f932cbfc6b823113997cfd6410910c27c1b05

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 13:19

Target

0d0946d8e8dfd74b97735005717d55c0_NeikiAnalytics.exe
Size

79KB
MD5

0d0946d8e8dfd74b97735005717d55c0
SHA1

d89eebd94faaf27ae80c52d2e98ab033481ea4e4
SHA256

01c143677ef0bced816120c4230f932cbfc6b823113997cfd6410910c27c1b05
SHA512

e88798669e9d2ad982696da8c4403c949502256fd969e098e0368536671c011145dfd100f9a6e6fc80a841c893719e5b691dad2dbf0f1aafde3cdacb34d16941
SSDEEP

1536:zvgM2E1o/OQA8AkqUhMb2nuy5wgIP0CSJ+5yZB8GMGlZ5G:zvgMa2GdqU7uy5w9WMyZN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1248	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1052	cmd.exe
1052	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 1052	1688	0d0946d8e8dfd74b97735005717d55c0_NeikiAnalytics.exe	29
PID 1688 wrote to memory of 1052	1688	0d0946d8e8dfd74b97735005717d55c0_NeikiAnalytics.exe	29
PID 1688 wrote to memory of 1052	1688	0d0946d8e8dfd74b97735005717d55c0_NeikiAnalytics.exe	29
PID 1688 wrote to memory of 1052	1688	0d0946d8e8dfd74b97735005717d55c0_NeikiAnalytics.exe	29
PID 1052 wrote to memory of 1248	1052	cmd.exe	30
PID 1052 wrote to memory of 1248	1052	cmd.exe	30
PID 1052 wrote to memory of 1248	1052	cmd.exe	30
PID 1052 wrote to memory of 1248	1052	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\0d0946d8e8dfd74b97735005717d55c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0d0946d8e8dfd74b97735005717d55c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1052
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1248

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5eccd6fa246970926ec0605ffadb3955

SHA1
95d43da2224c46ea298b13bd65087a677cd82263

SHA256
e485d67366d6d26825898326c63bee850555562b6333d0eb2a20cff39b3c1ff7

SHA512
543c7143f2aa53cec8d5dee155e3c98f0c6e436da5d069a89f1f7457d44023e71864e1eee7c966f7b410969da7fa5e8aca2bdc53690a306fd818cc2ce5da8362

Download Submit
memory/1248-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1688-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download