d40814fdf2fdcf91b9073dc26d505da287831f9db30a4bc7af2e9a5cefe3055d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 14:58

Target

0b80178877a6bd407860aec9237374b0_NeikiAnalytics.exe
Size

79KB
MD5

0b80178877a6bd407860aec9237374b0
SHA1

5b42621d5c1ef6bd83331cc340e6d2c5bd0382ab
SHA256

d40814fdf2fdcf91b9073dc26d505da287831f9db30a4bc7af2e9a5cefe3055d
SHA512

a4ad23a8bd932f1bd38891742afdd0d2ed0e62ec1e964980c1a2eef55f01a903f2f66c6a758c6cbebd26424cd147215adb29f74451a7ddaa2d1f400b9baa934f
SSDEEP

1536:zvvphnrLIXPSh4MOQA8AkqUhMb2nuy5wgIP0CSJ+5ypB8GMGlZ5G:zvvfXIXG45GdqU7uy5w9WMypN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2064	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2980	cmd.exe
2980	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2980	1868	0b80178877a6bd407860aec9237374b0_NeikiAnalytics.exe	29
PID 1868 wrote to memory of 2980	1868	0b80178877a6bd407860aec9237374b0_NeikiAnalytics.exe	29
PID 1868 wrote to memory of 2980	1868	0b80178877a6bd407860aec9237374b0_NeikiAnalytics.exe	29
PID 1868 wrote to memory of 2980	1868	0b80178877a6bd407860aec9237374b0_NeikiAnalytics.exe	29
PID 2980 wrote to memory of 2064	2980	cmd.exe	30
PID 2980 wrote to memory of 2064	2980	cmd.exe	30
PID 2980 wrote to memory of 2064	2980	cmd.exe	30
PID 2980 wrote to memory of 2064	2980	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\0b80178877a6bd407860aec9237374b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0b80178877a6bd407860aec9237374b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2064

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
936b8468ecbe9e603d960b7cd7dfb917

SHA1
e43266f8573a9210e0b0d5782a70ad539fc1a75a

SHA256
62b6c154cb075ef5575d6a671cc19f0d145dc53d42cd546b9449943ad6671cf4

SHA512
08c85ad747bd42059291c72786d29728196ceb927a43a86b7be5eb0cda0d8a1aaf8bcf257ebacc1901c78e632b313a4b23f3a8b4e2bcf8c8d415f9b73a841638

Download Submit
memory/1868-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2064-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download