dcecd60ff36c4d78ef22c48d493489ef5c3f1f90cee0e8e8fdc94c76e28b16bd

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 20:27

Target

1b5683d948e40890aac0e6ff77eab550_NeikiAnalytics.exe
Size

79KB
MD5

1b5683d948e40890aac0e6ff77eab550
SHA1

b27ef75dc466e8d46744eb1e0dd865a437dc762a
SHA256

dcecd60ff36c4d78ef22c48d493489ef5c3f1f90cee0e8e8fdc94c76e28b16bd
SHA512

c7617c4ffef187f3e0eef5066a5f862402de3d3f06177eb892c5ca5fc34951ee2f5e84bdd967be6ffdcdf8623babeb6fe5e52eb103bec81bfd3a1b2cfc9bbe05
SSDEEP

1536:zvYXfWmBA7mSJoFrOQA8AkqUhMb2nuy5wgIP0CSJ+5y+B8GMGlZ5G:zvYROd06GdqU7uy5w9WMy+N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2480	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2724	cmd.exe
2724	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2724	2168	1b5683d948e40890aac0e6ff77eab550_NeikiAnalytics.exe	29
PID 2168 wrote to memory of 2724	2168	1b5683d948e40890aac0e6ff77eab550_NeikiAnalytics.exe	29
PID 2168 wrote to memory of 2724	2168	1b5683d948e40890aac0e6ff77eab550_NeikiAnalytics.exe	29
PID 2168 wrote to memory of 2724	2168	1b5683d948e40890aac0e6ff77eab550_NeikiAnalytics.exe	29
PID 2724 wrote to memory of 2480	2724	cmd.exe	30
PID 2724 wrote to memory of 2480	2724	cmd.exe	30
PID 2724 wrote to memory of 2480	2724	cmd.exe	30
PID 2724 wrote to memory of 2480	2724	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\1b5683d948e40890aac0e6ff77eab550_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b5683d948e40890aac0e6ff77eab550_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2480

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
af92486dbfd5c020b4c15c9cd24a6bc8

SHA1
2b6a5c7965511fbf502951b974c95a805116d184

SHA256
d5a5715c676efc5b8151ab40afc4aa8f04378ec5dbc1fb4aa2fe74ea6c31dd6d

SHA512
23980dad612a9fb13a57dcabafff57a9ea9da43ddfebe50db3715bdd5afb1bc3981e4b4fa548c69c615fc5b64cf57c5fc691126f56b58f5dae667718c5461b40

Download Submit
memory/2168-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2480-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download