b8739d69e16d45d6a45ce5de17286751f69ab5fc11c72e21f6890c98c3c30ba2

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 06:31

Target

7d46b7e84cb8613bdfe818044eb41a80_NeikiAnalytics.exe
Size

79KB
MD5

7d46b7e84cb8613bdfe818044eb41a80
SHA1

013511e54c2fb3ab8ba9bb9f80fafd5f15dfe5a6
SHA256

b8739d69e16d45d6a45ce5de17286751f69ab5fc11c72e21f6890c98c3c30ba2
SHA512

f61fb3a611691392289f0f4d04d831546c6c91fa139d7f90812700a5f168cb7bdd3bd6b88faf7f066b52b5d058d9939fe7d2b87b52ad6f885af8550d9972bd52
SSDEEP

1536:zvIrfPpJ2wPGPmjE8Sj4Q7OQA8AkqUhMb2nuy5wgIP0CSJ+5yH4B8GMGlZ5G:zv+3ptGeO0QqGdqU7uy5w9WMyYN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2956	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2784	cmd.exe
2784	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2784	1692	7d46b7e84cb8613bdfe818044eb41a80_NeikiAnalytics.exe	29
PID 1692 wrote to memory of 2784	1692	7d46b7e84cb8613bdfe818044eb41a80_NeikiAnalytics.exe	29
PID 1692 wrote to memory of 2784	1692	7d46b7e84cb8613bdfe818044eb41a80_NeikiAnalytics.exe	29
PID 1692 wrote to memory of 2784	1692	7d46b7e84cb8613bdfe818044eb41a80_NeikiAnalytics.exe	29
PID 2784 wrote to memory of 2956	2784	cmd.exe	30
PID 2784 wrote to memory of 2956	2784	cmd.exe	30
PID 2784 wrote to memory of 2956	2784	cmd.exe	30
PID 2784 wrote to memory of 2956	2784	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\7d46b7e84cb8613bdfe818044eb41a80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7d46b7e84cb8613bdfe818044eb41a80_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2956

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
048d45133356d5a44fa9245d148feb34

SHA1
2fd9cda2b428dfa9df869b651c76bc1ec5211770

SHA256
96c41b1c56423324e7dff60f07726d5ebad5236202bee21212b6cf575d268460

SHA512
5586a1e9db4ff58660e7ece2b0dadc6debd09d7bb6e44de7999907ec821beee27c99c9e055ce56eac4aacc22045ac186452fd50555cfa9dfd5cad5ebe9e97f49

Download Submit
memory/1692-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2956-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download