193727504c16ae2b61febfdb555391d6d55a70dab6a50b23e0f42e35b771e4aa

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 19:58

Target

162242557a21d657504ed0f1c1477370_NeikiAnalytics.exe
Size

79KB
MD5

162242557a21d657504ed0f1c1477370
SHA1

d88ffbb100b446f894813da771643b9c4fd65e88
SHA256

193727504c16ae2b61febfdb555391d6d55a70dab6a50b23e0f42e35b771e4aa
SHA512

75a9f3b90fe404e32c41ebfc0b0f25e128b31823a1811ff99daf07e7c0490dce74eea6570bef9d48304ab312f9dbfe154f55e2cad8544523bc03f6ff688c338f
SSDEEP

1536:zvDsG4JxfZRe6RIFnzUmJfOQA8AkqUhMb2nuy5wgIP0CSJ+5yHB8GMGlZ5G:zvYc5zpJWGdqU7uy5w9WMyHN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2352	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1520	cmd.exe
1520	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 1520	2820	162242557a21d657504ed0f1c1477370_NeikiAnalytics.exe	29
PID 2820 wrote to memory of 1520	2820	162242557a21d657504ed0f1c1477370_NeikiAnalytics.exe	29
PID 2820 wrote to memory of 1520	2820	162242557a21d657504ed0f1c1477370_NeikiAnalytics.exe	29
PID 2820 wrote to memory of 1520	2820	162242557a21d657504ed0f1c1477370_NeikiAnalytics.exe	29
PID 1520 wrote to memory of 2352	1520	cmd.exe	30
PID 1520 wrote to memory of 2352	1520	cmd.exe	30
PID 1520 wrote to memory of 2352	1520	cmd.exe	30
PID 1520 wrote to memory of 2352	1520	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\162242557a21d657504ed0f1c1477370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\162242557a21d657504ed0f1c1477370_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1520
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2352

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
1198b947d58486e86a8e7fc1e43dc9ce

SHA1
171cd2d0355fa843c705724ab3395b38dd5cafbc

SHA256
47ceaa8df1ccaa4ff34a659e96b6f61ef619a9ea4319930c3af287e0726073ae

SHA512
a09c4cc000836b408f6594403b0d3b199a114759257ab0f2569fbc32b3596350c35f2cbf9d58681a83e1180e529fb8c074defc961b7d6d2ceae3a8eceb51d359

Download Submit
memory/2352-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2820-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download