730f0df403ed5e20309532daf30fbba15607dd632d1d7225fe1251b31e920b90

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 06:30

Target

7d178ff934477ccd80e47cee1cb81210_NeikiAnalytics.exe
Size

73KB
MD5

7d178ff934477ccd80e47cee1cb81210
SHA1

ce8a2994925d3d6d737a9ba48f2dba12d1085e1a
SHA256

730f0df403ed5e20309532daf30fbba15607dd632d1d7225fe1251b31e920b90
SHA512

ed0024a9f9d7b01da9702e34c2ec41daaad855669537df9b66ea1a52f3f84e53ca676f1c6ff71d3a92b07be4e92407cec39cd70b9f9fdaf956c802d680974c32
SSDEEP

1536:hbPerSI+0NsuK5QPqfhVWbdsmA+RjPFLC+e5hA0ZGUGf2g:hCeXXuNPqfcxA+HFshAOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2200	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2196	cmd.exe
2196	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2196	3028	7d178ff934477ccd80e47cee1cb81210_NeikiAnalytics.exe	29
PID 3028 wrote to memory of 2196	3028	7d178ff934477ccd80e47cee1cb81210_NeikiAnalytics.exe	29
PID 3028 wrote to memory of 2196	3028	7d178ff934477ccd80e47cee1cb81210_NeikiAnalytics.exe	29
PID 3028 wrote to memory of 2196	3028	7d178ff934477ccd80e47cee1cb81210_NeikiAnalytics.exe	29
PID 2196 wrote to memory of 2200	2196	cmd.exe	30
PID 2196 wrote to memory of 2200	2196	cmd.exe	30
PID 2196 wrote to memory of 2200	2196	cmd.exe	30
PID 2196 wrote to memory of 2200	2196	cmd.exe	30
PID 2200 wrote to memory of 1532	2200	[email protected]	31
PID 2200 wrote to memory of 1532	2200	[email protected]	31
PID 2200 wrote to memory of 1532	2200	[email protected]	31
PID 2200 wrote to memory of 1532	2200	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\7d178ff934477ccd80e47cee1cb81210_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7d178ff934477ccd80e47cee1cb81210_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2196
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2200
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:1532

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
132b4159be0137fa21d342808a654618

SHA1
76c8386acc67c05d2c038f6a9332483b8702eea3

SHA256
f6b0296de8a22011c47ca2e2126534b2c8e259ea7b3769240281cba526f9ec2d

SHA512
93a39dfe174a6fb03d97f3ed79ba99df4736d32038942840b4f667dd19e987e12f8b0ee0255d51a1bdc02bc7688779d4bb5cb0277b6107096e08bd8282ac65b6

Download Submit
memory/2200-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3028-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download