bcabc2d0dc4de0578699ad54dd0ea151ef0e917e1008dd5687bc3609338df4f9

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 14:42

Target

0a214f17788cd6373e2e3ba0f27b0aa0_NeikiAnalytics.exe
Size

79KB
MD5

0a214f17788cd6373e2e3ba0f27b0aa0
SHA1

2c659c1fdd5c35c8c85e000362a9b59ebabc17cc
SHA256

bcabc2d0dc4de0578699ad54dd0ea151ef0e917e1008dd5687bc3609338df4f9
SHA512

a794c0abd441db6301d34b035988a79ee32dc91a303361ce437df14cd054399f6769af48b473ee26fa6ec0dca31c90438e0826b91f245f588b77531a62469611
SSDEEP

1536:zvwi2cZZ/v1vhdHOQA8AkqUhMb2nuy5wgIP0CSJ+5ymB8GMGlZ5G:zvyGZ1JduGdqU7uy5w9WMymN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3040	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3028	cmd.exe
3028	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 3028	2936	0a214f17788cd6373e2e3ba0f27b0aa0_NeikiAnalytics.exe	29
PID 2936 wrote to memory of 3028	2936	0a214f17788cd6373e2e3ba0f27b0aa0_NeikiAnalytics.exe	29
PID 2936 wrote to memory of 3028	2936	0a214f17788cd6373e2e3ba0f27b0aa0_NeikiAnalytics.exe	29
PID 2936 wrote to memory of 3028	2936	0a214f17788cd6373e2e3ba0f27b0aa0_NeikiAnalytics.exe	29
PID 3028 wrote to memory of 3040	3028	cmd.exe	30
PID 3028 wrote to memory of 3040	3028	cmd.exe	30
PID 3028 wrote to memory of 3040	3028	cmd.exe	30
PID 3028 wrote to memory of 3040	3028	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\0a214f17788cd6373e2e3ba0f27b0aa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0a214f17788cd6373e2e3ba0f27b0aa0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3040

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
72e0d841fdf4c39ed8803ae261d1fc71

SHA1
322d50eab2105fb0a501123bc2b367d28acfae0d

SHA256
5c047fbd7a18a08fe54fb0b5d1a3e40b787338d7193d1b48050942d911e59750

SHA512
20a65d6eb9e55b43c51dd21969f305f12bcc7d7d443c85d72455d7994fe8a9d48f650357242711f2b61dc8eabbc908d2da73dea9f799cf3d0d763fcca31edfa0

Download Submit
memory/2936-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3040-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download