8250ef5cfc11574c9d262a3156dcd49b39fd695a7d3c7a5c27020e32080d0573

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 15:36

Target

c628c658cb0af6a9f4c91c6b938b6810_NeikiAnalytics.exe
Size

79KB
MD5

c628c658cb0af6a9f4c91c6b938b6810
SHA1

80f50eaa296a3717a96ea3e2b09fae3b6281565d
SHA256

8250ef5cfc11574c9d262a3156dcd49b39fd695a7d3c7a5c27020e32080d0573
SHA512

52d92807dc19a940282e0e07959b4c7ca9f1860b289748605e0b6ad8a4c4ed24cb7bc0deb3e836cb9dab40998adc12e71bdb3fc1384855a9a8e36be29cbcfd57
SSDEEP

1536:zvS9+LJ8lZuCUuTOQA8AkqUhMb2nuy5wgIP0CSJ+5y7B8GMGlZ5G:zvS9O8lZuCmGdqU7uy5w9WMy7N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2744	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2972	cmd.exe
2972	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2972	2992	c628c658cb0af6a9f4c91c6b938b6810_NeikiAnalytics.exe	29
PID 2992 wrote to memory of 2972	2992	c628c658cb0af6a9f4c91c6b938b6810_NeikiAnalytics.exe	29
PID 2992 wrote to memory of 2972	2992	c628c658cb0af6a9f4c91c6b938b6810_NeikiAnalytics.exe	29
PID 2992 wrote to memory of 2972	2992	c628c658cb0af6a9f4c91c6b938b6810_NeikiAnalytics.exe	29
PID 2972 wrote to memory of 2744	2972	cmd.exe	30
PID 2972 wrote to memory of 2744	2972	cmd.exe	30
PID 2972 wrote to memory of 2744	2972	cmd.exe	30
PID 2972 wrote to memory of 2744	2972	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\c628c658cb0af6a9f4c91c6b938b6810_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c628c658cb0af6a9f4c91c6b938b6810_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2744

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d5d99597fb6deaf0fee3cf89a816794b

SHA1
5f75eab9714fc04f657f58d80cd6362ee4be365f

SHA256
1437276cea4d9b1e91c1ade9b2e2c0a6e32e8e237133a51056abfb50b5804020

SHA512
42ca889c807ac7147d001b9259ad5adfdd04e3eb1c3110cc1c21626ff4bfc20db3ab3606d412df78e49972e90bd403aee9f437540d16a55a9ca9e496ac55a29a

Download Submit
memory/2744-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2992-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download