745140a655caa43a289e008be4690e808c8360bb6bc3551ff8be49aeb8d3e0cb

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 02:08

Target

4fcb0f18dd4569ecf00757b920838a30_NeikiAnalytics.exe
Size

79KB
MD5

4fcb0f18dd4569ecf00757b920838a30
SHA1

d436eef86681daf1108cdee22f01f76ff01dc913
SHA256

745140a655caa43a289e008be4690e808c8360bb6bc3551ff8be49aeb8d3e0cb
SHA512

e94fe9685a2db80817f0c31667b30edf08a14c7a6dee4fd21b3a79edf6ef41e24b21a03ff67fdef0a731b4fd075a6c15d59663907b954d22ec68bbb9167eb0ba
SSDEEP

1536:zvjmaK0I+pDMPoOQA8AkqUhMb2nuy5wgIP0CSJ+5yT6B8GMGlZ5G:zvCabIVPtGdqU7uy5w9WMyeN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2352	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2324	cmd.exe
2324	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 2324	1392	4fcb0f18dd4569ecf00757b920838a30_NeikiAnalytics.exe	29
PID 1392 wrote to memory of 2324	1392	4fcb0f18dd4569ecf00757b920838a30_NeikiAnalytics.exe	29
PID 1392 wrote to memory of 2324	1392	4fcb0f18dd4569ecf00757b920838a30_NeikiAnalytics.exe	29
PID 1392 wrote to memory of 2324	1392	4fcb0f18dd4569ecf00757b920838a30_NeikiAnalytics.exe	29
PID 2324 wrote to memory of 2352	2324	cmd.exe	30
PID 2324 wrote to memory of 2352	2324	cmd.exe	30
PID 2324 wrote to memory of 2352	2324	cmd.exe	30
PID 2324 wrote to memory of 2352	2324	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\4fcb0f18dd4569ecf00757b920838a30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4fcb0f18dd4569ecf00757b920838a30_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2352

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
224ce8303aad1f1a223c1909158fb039

SHA1
b41d1d5b2666b557a4be05e3b013b9577d2a7743

SHA256
c2205752afabcf521c22e6ebadf22866611dbc1c36ceda4b6a07d37f05310450

SHA512
d038e9e938d4c23abb31a07703d0225deb4e67635389ef1a75e13440c802a659cd0a0edafbeb1a080b61d6955cd6d7eb15403f15481da6e16d748439618af00f

Download Submit
memory/1392-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2352-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download