4321fae2448cfbce6961df228b31019a873469d1a60d9bb7e3fabe10bccf8729

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 15:54

Target

106a532afead5781190f646d57ff5780_NeikiAnalytics.exe
Size

79KB
MD5

106a532afead5781190f646d57ff5780
SHA1

3f0f52fda3f6040cf416af4654ecb8a9b19f1dbf
SHA256

4321fae2448cfbce6961df228b31019a873469d1a60d9bb7e3fabe10bccf8729
SHA512

7ca8994f6b00d649d1c1ff8e9d75fb6df18d3d50dea583c789fab4fb8abde9fc373c2715c6bd2fe8704878aca0b4fdc73e06bf37155f57a8c04638ee6fe94ded
SSDEEP

1536:zvQaoL+gLpOQA8AkqUhMb2nuy5wgIP0CSJ+5yjB8GMGlZ5G:zvNngLoGdqU7uy5w9WMyjN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2304	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1636	cmd.exe
1636	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 1636	2920	106a532afead5781190f646d57ff5780_NeikiAnalytics.exe	29
PID 2920 wrote to memory of 1636	2920	106a532afead5781190f646d57ff5780_NeikiAnalytics.exe	29
PID 2920 wrote to memory of 1636	2920	106a532afead5781190f646d57ff5780_NeikiAnalytics.exe	29
PID 2920 wrote to memory of 1636	2920	106a532afead5781190f646d57ff5780_NeikiAnalytics.exe	29
PID 1636 wrote to memory of 2304	1636	cmd.exe	30
PID 1636 wrote to memory of 2304	1636	cmd.exe	30
PID 1636 wrote to memory of 2304	1636	cmd.exe	30
PID 1636 wrote to memory of 2304	1636	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\106a532afead5781190f646d57ff5780_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\106a532afead5781190f646d57ff5780_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2304

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
61c65465687d02d2ee8b14f531f691a0

SHA1
59faaecf72fb64eac6a1bf2cbdd2cd57ae93fb8e

SHA256
a9204e13c4909e41f0102998982eb4f99cdf1763fea7b2c482a224143fe0bcd8

SHA512
5ee04d5fe32fd15c48d925ab7b58ddcda5865d7106836702e95bed8b4ac808c4870487259e96f52b6a0b392fc68b4b76ee4cf7170249ed81ec51bfbaa93fb0e5

Download Submit
memory/2304-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2920-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download