6361ff0b87ba8006c8cc2d8f2739eb9b29d3c7b222b6c710e1c3b8c621132eac

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 21:31

Target

03e06979e2cba19d419edf2a5fa340d0_NeikiAnalytics.exe
Size

79KB
MD5

03e06979e2cba19d419edf2a5fa340d0
SHA1

e1e6479b98963d68c3b74f7aaac730b114acf094
SHA256

6361ff0b87ba8006c8cc2d8f2739eb9b29d3c7b222b6c710e1c3b8c621132eac
SHA512

1aea0c8f5cc818a3e96f6d16b8c47e409109b65df441054e49980b5bb4add072ce6a57e2690870299714e3546aa3c6ab01dc183b9c041ac1c1856af209c7df64
SSDEEP

1536:zvdpDHWjMdEtZeZv9OQA8AkqUhMb2nuy5wgIP0CSJ+5yCB8GMGlZ5G:zvdpCIcmvkGdqU7uy5w9WMyCN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2216	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2052	cmd.exe
2052	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 2052	2808	03e06979e2cba19d419edf2a5fa340d0_NeikiAnalytics.exe	29
PID 2808 wrote to memory of 2052	2808	03e06979e2cba19d419edf2a5fa340d0_NeikiAnalytics.exe	29
PID 2808 wrote to memory of 2052	2808	03e06979e2cba19d419edf2a5fa340d0_NeikiAnalytics.exe	29
PID 2808 wrote to memory of 2052	2808	03e06979e2cba19d419edf2a5fa340d0_NeikiAnalytics.exe	29
PID 2052 wrote to memory of 2216	2052	cmd.exe	30
PID 2052 wrote to memory of 2216	2052	cmd.exe	30
PID 2052 wrote to memory of 2216	2052	cmd.exe	30
PID 2052 wrote to memory of 2216	2052	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\03e06979e2cba19d419edf2a5fa340d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\03e06979e2cba19d419edf2a5fa340d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2216

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
442c3a38360c8c0cf0b995d6a2ed0447

SHA1
abfaf5c43cd2a8132a9424e595707062cd26cd57

SHA256
df230e13c1ffa64361f746a5ccce6c11aad2bec7ff089a8ab6433869945b248b

SHA512
e2d5fdc5d93345f7a275b2ee5ad1c91c43d59bd4f273c7779d9d11e0133bf65c28d637e7c1041260c758ce7bc752ed499eba82db534d9e543704c67105913e69

Download Submit
memory/2216-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2808-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download