570c31c260a3c10543686dc10a4de86ef196c40f2417e98254b10697bec9c459

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 18:01

Target

02891f476606c1226f4a8b018d452e80_NeikiAnalytics.exe
Size

79KB
MD5

02891f476606c1226f4a8b018d452e80
SHA1

fe0f2a981eaf6d792296a5e9925273b098fa35d3
SHA256

570c31c260a3c10543686dc10a4de86ef196c40f2417e98254b10697bec9c459
SHA512

87f6c76ed91b09d2070042d64a4fca5e814cda45b57d00764de54c25386e619819e500767e04e71006cc1ee2169963e4933556400fa73e7e435c566c20e78202
SSDEEP

1536:zvJhQ75mZBMZsOQA8AkqUhMb2nuy5wgIP0CSJ+5ydB8GMGlZ5G:zvcc4DGdqU7uy5w9WMydN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2008	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1736	cmd.exe
1736	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 1736	1276	02891f476606c1226f4a8b018d452e80_NeikiAnalytics.exe	29
PID 1276 wrote to memory of 1736	1276	02891f476606c1226f4a8b018d452e80_NeikiAnalytics.exe	29
PID 1276 wrote to memory of 1736	1276	02891f476606c1226f4a8b018d452e80_NeikiAnalytics.exe	29
PID 1276 wrote to memory of 1736	1276	02891f476606c1226f4a8b018d452e80_NeikiAnalytics.exe	29
PID 1736 wrote to memory of 2008	1736	cmd.exe	30
PID 1736 wrote to memory of 2008	1736	cmd.exe	30
PID 1736 wrote to memory of 2008	1736	cmd.exe	30
PID 1736 wrote to memory of 2008	1736	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\02891f476606c1226f4a8b018d452e80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\02891f476606c1226f4a8b018d452e80_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1736
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2008

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
bf8066454f2ae014a6e61cf281e987b9

SHA1
5a5d4425153e1feafaffe50a790cc7337349a00b

SHA256
e4bf7a3bc311a4c657b9edf6af644eaa82a0709b3cf4a58971f542cf099a33c5

SHA512
77073d597fcbdd63b7a989526528a2f8bf1f8605493e58d6618d429eedd0361ec3293d73975cb430777073cf0f5831c3634e92ff4b797deacedbe27545ddaf93

Download Submit
memory/1276-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2008-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download