c1ea87533bd2deb629e9a5726e0be31ef2671a8bb93ef28880096f227a2cabac

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 19:33

Target

12106eb3278d1dc66989e1debb0f6330_NeikiAnalytics.exe
Size

73KB
MD5

12106eb3278d1dc66989e1debb0f6330
SHA1

cae5314850f8c74d0ceed8152db7ff2f7cdaca2c
SHA256

c1ea87533bd2deb629e9a5726e0be31ef2671a8bb93ef28880096f227a2cabac
SHA512

2c37ef1a01f837107fadeb0908da62ee56f103d2e6a8ad6b5f8df376b2ee47ac58b4951d33176438411a0f1a33c04cf8f27b36c03fb9d0834d24a9045bd060e2
SSDEEP

1536:hbe2f0xXOeK5QPqfhVWbdsmA+RjPFLC+e5hl0ZGUGf2g:hH0hbNPqfcxA+HFshlOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2688	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2684	cmd.exe
2684	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2684	2216	12106eb3278d1dc66989e1debb0f6330_NeikiAnalytics.exe	29
PID 2216 wrote to memory of 2684	2216	12106eb3278d1dc66989e1debb0f6330_NeikiAnalytics.exe	29
PID 2216 wrote to memory of 2684	2216	12106eb3278d1dc66989e1debb0f6330_NeikiAnalytics.exe	29
PID 2216 wrote to memory of 2684	2216	12106eb3278d1dc66989e1debb0f6330_NeikiAnalytics.exe	29
PID 2684 wrote to memory of 2688	2684	cmd.exe	30
PID 2684 wrote to memory of 2688	2684	cmd.exe	30
PID 2684 wrote to memory of 2688	2684	cmd.exe	30
PID 2684 wrote to memory of 2688	2684	cmd.exe	30
PID 2688 wrote to memory of 3060	2688	[email protected]	31
PID 2688 wrote to memory of 3060	2688	[email protected]	31
PID 2688 wrote to memory of 3060	2688	[email protected]	31
PID 2688 wrote to memory of 3060	2688	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\12106eb3278d1dc66989e1debb0f6330_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12106eb3278d1dc66989e1debb0f6330_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:3060

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
bc706bb7ef5a15c8713e82edd9d1f0d9

SHA1
650bf45b93432c595148bb0a043ccaaaf43c5d11

SHA256
d3936b43efec24421abf8f0e763f761a5afd8be6f99cfdd75bf4f5cc1c587c2b

SHA512
908e5baf0a263f75ebee14d0b40e9e7f0d08a7e9eef932be30d62011e9b67597b5f39b5147a61d7e51a6429eaade4d16a606b3e2b14759245c5be2e57c5d3fe6

Download Submit
memory/2216-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2688-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download