41eb1517308ce07795bfa327226a51f27ad27b89a72130e1bdbf9c9fdaae5fa8

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 05:46

Target

751105ee78c8f333f667b970c6917150_NeikiAnalytics.exe
Size

79KB
MD5

751105ee78c8f333f667b970c6917150
SHA1

348f4cd74282aa25fec6cdf4101faefcec3be156
SHA256

41eb1517308ce07795bfa327226a51f27ad27b89a72130e1bdbf9c9fdaae5fa8
SHA512

8a08d6d8e5c3012b984787ef549e862c8230043fab139460c43a4e4da4017fc119fa3ffad83f0b7c703149d7c4786462dec9bfa668474471f1a3c1c751ff9ca1
SSDEEP

1536:zvoO0/7E2BzTQTFOQA8AkqUhMb2nuy5wgIP0CSJ+5yRB8GMGlZ5G:zvL0/Y2lTQTcGdqU7uy5w9WMyRN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2932	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2936	cmd.exe
2936	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2936	1660	751105ee78c8f333f667b970c6917150_NeikiAnalytics.exe	29
PID 1660 wrote to memory of 2936	1660	751105ee78c8f333f667b970c6917150_NeikiAnalytics.exe	29
PID 1660 wrote to memory of 2936	1660	751105ee78c8f333f667b970c6917150_NeikiAnalytics.exe	29
PID 1660 wrote to memory of 2936	1660	751105ee78c8f333f667b970c6917150_NeikiAnalytics.exe	29
PID 2936 wrote to memory of 2932	2936	cmd.exe	30
PID 2936 wrote to memory of 2932	2936	cmd.exe	30
PID 2936 wrote to memory of 2932	2936	cmd.exe	30
PID 2936 wrote to memory of 2932	2936	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\751105ee78c8f333f667b970c6917150_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\751105ee78c8f333f667b970c6917150_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2932

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
52511ece00fba98e110361d73da4995d

SHA1
ead22ecc6141595cb5214c348bbdfccfaa575416

SHA256
e451b83b83e2ae14a8828a123ae9a2d86ac7498b9382d2dd751dd2b99269d8f0

SHA512
16537fd695b960567022ffede097118468ccd0b3f9b419d8cadd8726b2bf4adfd17979144b50f18bdb4d637ead1ee60425ed4c71f5f6df41add8b5a8f697b0aa

Download Submit
memory/1660-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2932-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download