5f7da43e3f484395d0fb8eb3a996f9a749e4c354930f4d61fc1a32af4831ec4f

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 20:24

Target

1ac020841e18e603ec4abb5e47047d30_NeikiAnalytics.exe
Size

79KB
MD5

1ac020841e18e603ec4abb5e47047d30
SHA1

b3f22aac62b66de0c080487a6d2ee0e839a18de8
SHA256

5f7da43e3f484395d0fb8eb3a996f9a749e4c354930f4d61fc1a32af4831ec4f
SHA512

90b9e9871bc595aa7d62466802dd09c33c44b4f94d18b4f76a25ab2111582bf394422dd33f8235b3083b9333aafd23da49c3c28177003933b092d95066c1855f
SSDEEP

1536:zviSrOy6IQz0raGXOQA8AkqUhMb2nuy5wgIP0CSJ+5ykB8GMGlZ5G:zviSrr6IQ8FeGdqU7uy5w9WMykN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1736	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1996	cmd.exe
1996	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1996	1704	1ac020841e18e603ec4abb5e47047d30_NeikiAnalytics.exe	29
PID 1704 wrote to memory of 1996	1704	1ac020841e18e603ec4abb5e47047d30_NeikiAnalytics.exe	29
PID 1704 wrote to memory of 1996	1704	1ac020841e18e603ec4abb5e47047d30_NeikiAnalytics.exe	29
PID 1704 wrote to memory of 1996	1704	1ac020841e18e603ec4abb5e47047d30_NeikiAnalytics.exe	29
PID 1996 wrote to memory of 1736	1996	cmd.exe	30
PID 1996 wrote to memory of 1736	1996	cmd.exe	30
PID 1996 wrote to memory of 1736	1996	cmd.exe	30
PID 1996 wrote to memory of 1736	1996	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\1ac020841e18e603ec4abb5e47047d30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1ac020841e18e603ec4abb5e47047d30_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1996
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1736

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
02b96fdff1e102fefc777c7aa92f5cb6

SHA1
c4d99da13e0c6b5ada5c1e135dd923051bfa6231

SHA256
1735f42510df2349fb0cbbdcd7137bbd98d340b9b26e70d9829b904427ffff39

SHA512
8d76780fd8c3be1310477d0262d4eb1ab5c2e0906996098e8df604d5591b1532b718ed007f3b3685912fc5f4ca3a20e4b407f4b30c47e136facf2b1bb3216145

Download Submit
memory/1704-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1736-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download