53b06b38a7e6eccf43390d4fd70a216918dee28466f37532ae52021db94ce423

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 20:13

Target

18dd9923a9ce15c8c745b65be3476710_NeikiAnalytics.exe
Size

79KB
MD5

18dd9923a9ce15c8c745b65be3476710
SHA1

3d410f274e446b7676a9953fecfd737ba48c7bd4
SHA256

53b06b38a7e6eccf43390d4fd70a216918dee28466f37532ae52021db94ce423
SHA512

fc976894ff9908c58c74849d0aa5af60b500c6f3847d26cd7fd7ca2f5d6d08e9461084cd5a17f8983281bb4d4bbed1577b56245b99d4189205e08c036e211153
SSDEEP

1536:zvilKrQ1OQA8AkqUhMb2nuy5wgIP0CSJ+5yNB8GMGlZ5G:zvi8QsGdqU7uy5w9WMyNN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2128	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2144	cmd.exe
2144	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 2144	1232	18dd9923a9ce15c8c745b65be3476710_NeikiAnalytics.exe	29
PID 1232 wrote to memory of 2144	1232	18dd9923a9ce15c8c745b65be3476710_NeikiAnalytics.exe	29
PID 1232 wrote to memory of 2144	1232	18dd9923a9ce15c8c745b65be3476710_NeikiAnalytics.exe	29
PID 1232 wrote to memory of 2144	1232	18dd9923a9ce15c8c745b65be3476710_NeikiAnalytics.exe	29
PID 2144 wrote to memory of 2128	2144	cmd.exe	30
PID 2144 wrote to memory of 2128	2144	cmd.exe	30
PID 2144 wrote to memory of 2128	2144	cmd.exe	30
PID 2144 wrote to memory of 2128	2144	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\18dd9923a9ce15c8c745b65be3476710_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\18dd9923a9ce15c8c745b65be3476710_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2128

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f90d3a78cd5d15eb0c3c9b732bdb4b4f

SHA1
b58a55bd7327ca19daa015a334dcdde3ba63bb97

SHA256
78150c78d91b19997257b32612f899be6850e566aef3b4806963db6bcac334f9

SHA512
b1fe91282577b22396b58f910eac1d4b799f4a0579b2048adfdf940d3924020050af79f5e2ee9f84b307b6b884b4539cffe7b4b8d9b3c465b52694f5031b86c1

Download Submit
memory/1232-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2128-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download