0b42f7679fd9d073b4979e6a9641bbda7e2ed0f740e56d039214340182e34af4

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 10:04

Target

7f5574a5f01ef1d5ca7ac9786b112580_NeikiAnalytics.exe
Size

79KB
MD5

7f5574a5f01ef1d5ca7ac9786b112580
SHA1

c8ade6a1a9f8c9e6786607db52baeba8cd56aad3
SHA256

0b42f7679fd9d073b4979e6a9641bbda7e2ed0f740e56d039214340182e34af4
SHA512

05a6ff64b85c91c8785f768d97157f0ebb90daceec8515ed52350fb074aeb30c94088a287d567aa64178b54ee276e77988848e19d5a5f759b2641f21e6be01d2
SSDEEP

1536:zv6fdjP2uMHZAOQA8AkqUhMb2nuy5wgIP0CSJ+5yGB8GMGlZ5G:zv652PjGdqU7uy5w9WMyGN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3060	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3040	cmd.exe
3040	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 3040	2904	7f5574a5f01ef1d5ca7ac9786b112580_NeikiAnalytics.exe	29
PID 2904 wrote to memory of 3040	2904	7f5574a5f01ef1d5ca7ac9786b112580_NeikiAnalytics.exe	29
PID 2904 wrote to memory of 3040	2904	7f5574a5f01ef1d5ca7ac9786b112580_NeikiAnalytics.exe	29
PID 2904 wrote to memory of 3040	2904	7f5574a5f01ef1d5ca7ac9786b112580_NeikiAnalytics.exe	29
PID 3040 wrote to memory of 3060	3040	cmd.exe	30
PID 3040 wrote to memory of 3060	3040	cmd.exe	30
PID 3040 wrote to memory of 3060	3040	cmd.exe	30
PID 3040 wrote to memory of 3060	3040	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\7f5574a5f01ef1d5ca7ac9786b112580_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7f5574a5f01ef1d5ca7ac9786b112580_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3060

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d29910dd4c9a5575b9e07bfdf98d2135

SHA1
d6a60d2532972aae0f94229942255de0fbc21045

SHA256
93661a289605fea1e5e41e36f1d95d1a856901f43c00c8fb21199f9d62b73b0f

SHA512
6fa73ef1a00c6579be8b211b9df683dc005782080941f31378be1816ba89d7975c08365bbc71d9738fb7d3eb132e1ba11644200325e584d6af9e625cac0dd3a2

Download Submit
memory/2904-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3060-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download