82c162312e6966f58ad1c558ca650f439329eb12969502401f53c4b370f91fb7

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 14:50

Target

0acc5bbe82d841239335f5b94e9b8250_NeikiAnalytics.exe
Size

79KB
MD5

0acc5bbe82d841239335f5b94e9b8250
SHA1

0c7dc0a9b703d67fcaca10c1584036bbf0f6803b
SHA256

82c162312e6966f58ad1c558ca650f439329eb12969502401f53c4b370f91fb7
SHA512

9bc1e6196311cd88744841f3d1073e5b7af0a7868206587edf819b943f04ab3c62dfb5f0974ff4ea405ab9315f26f6a36e9b003f52a761b92be12c00744ebe9c
SSDEEP

1536:zv/lvsoH+/9uYOQA8AkqUhMb2nuy5wgIP0CSJ+5ycB8GMGlZ5G:zvNvsoe1u9GdqU7uy5w9WMycN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2672	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2064	cmd.exe
2064	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2064	1732	0acc5bbe82d841239335f5b94e9b8250_NeikiAnalytics.exe	29
PID 1732 wrote to memory of 2064	1732	0acc5bbe82d841239335f5b94e9b8250_NeikiAnalytics.exe	29
PID 1732 wrote to memory of 2064	1732	0acc5bbe82d841239335f5b94e9b8250_NeikiAnalytics.exe	29
PID 1732 wrote to memory of 2064	1732	0acc5bbe82d841239335f5b94e9b8250_NeikiAnalytics.exe	29
PID 2064 wrote to memory of 2672	2064	cmd.exe	30
PID 2064 wrote to memory of 2672	2064	cmd.exe	30
PID 2064 wrote to memory of 2672	2064	cmd.exe	30
PID 2064 wrote to memory of 2672	2064	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\0acc5bbe82d841239335f5b94e9b8250_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0acc5bbe82d841239335f5b94e9b8250_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2064
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2672

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fbe0036f3610ff1314d5b2243910ec77

SHA1
01c7da695c9175179d57aa318ea0bcc7735d7bf0

SHA256
7786248d2208642c6f614a5719d0b0c31fe463ecad4ec0d4404cba9df00c7826

SHA512
4c35eae5d2556107e2b82fc0139f6e957192a903866b6eee5b598c22740aebdbaacbd37b326534a480535d9765214788ebaf48edc366b03a6ea1be4ef5fb5454

Download Submit
memory/1732-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2672-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download