d737e8aec04600a0d1c7808cc0c51b87566738058516b4b2f544f30902a8df2f

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 15:16

Target

873d83ce77ff0296440febe45f08a190_NeikiAnalytics.exe
Size

79KB
MD5

873d83ce77ff0296440febe45f08a190
SHA1

8698622676111a9669f26bbcca23496442d2bcc9
SHA256

d737e8aec04600a0d1c7808cc0c51b87566738058516b4b2f544f30902a8df2f
SHA512

4769e243d4ff872612f34947edd16c535a9d3f8168b2ae5afb71caf982a0fceae00364c378224f9c1572c0407a63274855421e388cf399812f3904128adda19b
SSDEEP

1536:zvOu444kuX3UFPRWqykfOQA8AkqUhMb2nuy5wgIP0CSJ+5yutB8GMGlZ5G:zvp4449X+pJWGdqU7uy5w9WMymN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1068	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1684	cmd.exe
1684	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1684	1096	873d83ce77ff0296440febe45f08a190_NeikiAnalytics.exe	29
PID 1096 wrote to memory of 1684	1096	873d83ce77ff0296440febe45f08a190_NeikiAnalytics.exe	29
PID 1096 wrote to memory of 1684	1096	873d83ce77ff0296440febe45f08a190_NeikiAnalytics.exe	29
PID 1096 wrote to memory of 1684	1096	873d83ce77ff0296440febe45f08a190_NeikiAnalytics.exe	29
PID 1684 wrote to memory of 1068	1684	cmd.exe	30
PID 1684 wrote to memory of 1068	1684	cmd.exe	30
PID 1684 wrote to memory of 1068	1684	cmd.exe	30
PID 1684 wrote to memory of 1068	1684	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\873d83ce77ff0296440febe45f08a190_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\873d83ce77ff0296440febe45f08a190_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1684
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1068

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
581bc6657b1834d435996a2d61ce2a0c

SHA1
09298db5339819ed10831be46f1fd7539cf007cc

SHA256
5ac5d52b21391ccc1cba0c2d8533ab6aabde5d2eb03a51a5d19ebc0ac8b0ef1e

SHA512
19a7710118335b4027fb27c8c0ca98a573aa4aced54269d08dfbbb98f112a99906eef7c73fd1501d33e03172bffc701b00bfdf7ae67bdc1bff133bae3f3d01ab

Download Submit
memory/1068-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1096-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download