2a7abd42efbb10902d35ca384493db828b4ae224b9202dddc63a6b2cf590e5fd

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 15:54

Target

3803b9675198560d298f265b56a7b830_NeikiAnalytics.exe
Size

79KB
MD5

3803b9675198560d298f265b56a7b830
SHA1

ed94fcf1fb066d226bc7d6a96169a4499f5eff15
SHA256

2a7abd42efbb10902d35ca384493db828b4ae224b9202dddc63a6b2cf590e5fd
SHA512

17dfd9cce6ecb7756b42ecd9a74db034b3c22c019a2a3bf936845cc7c4442c3f60fd77b9eee8c57a269406e1b60fa63dae66459c214d6aed2f6ef94a7d6a3397
SSDEEP

1536:zvSKKHfuaJOwqOQA8AkqUhMb2nuy5wgIP0CSJ+5yVB8GMGlZ5G:zviHfuXwfGdqU7uy5w9WMyVN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2940	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2468	cmd.exe
2468	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2468	2612	3803b9675198560d298f265b56a7b830_NeikiAnalytics.exe	29
PID 2612 wrote to memory of 2468	2612	3803b9675198560d298f265b56a7b830_NeikiAnalytics.exe	29
PID 2612 wrote to memory of 2468	2612	3803b9675198560d298f265b56a7b830_NeikiAnalytics.exe	29
PID 2612 wrote to memory of 2468	2612	3803b9675198560d298f265b56a7b830_NeikiAnalytics.exe	29
PID 2468 wrote to memory of 2940	2468	cmd.exe	30
PID 2468 wrote to memory of 2940	2468	cmd.exe	30
PID 2468 wrote to memory of 2940	2468	cmd.exe	30
PID 2468 wrote to memory of 2940	2468	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\3803b9675198560d298f265b56a7b830_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3803b9675198560d298f265b56a7b830_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2940

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
9663ac274c0efd1798999461ee740ccc

SHA1
b308c3b56ec0efae59f1f021b3d1028b65ac7f30

SHA256
7c5be18b6f5f1dd622f6e589f50f5c9af9c8b1391eeca05e884a9a7777cf5b77

SHA512
dcfc458306f1b3b7262351c606fbc016577433fddb6aed3ad343f62a2f45f1ec6888f779a0da8c11cc16593a86fc7507f3618ac8c1c04c3f0222e45fed225f30

Download Submit
memory/2612-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2940-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download