2a8d273a1a20f1ae40823a8a7304accd189ae648ada2500121acca3f18035700

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 16:24

Target

1325dbe1c3767432caec068bb48696b0_NeikiAnalytics.exe
Size

79KB
MD5

1325dbe1c3767432caec068bb48696b0
SHA1

b869933ada1545e6929b9865f7084aed9fcbe868
SHA256

2a8d273a1a20f1ae40823a8a7304accd189ae648ada2500121acca3f18035700
SHA512

636971873b925aac64353ffad2cd439d35c6ff82e0475a7e196032d2f09c841cec347441f0349d94cd4a431e55f3083c1ff01a4ee7439acd86a98723f4cabc0e
SSDEEP

1536:zvqdANke+cTyY27OQA8AkqUhMb2nuy5wgIP0CSJ+5ytB8GMGlZ5G:zvqSye+ElGdqU7uy5w9WMytN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2516	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2864	cmd.exe
2864	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2864	1368	1325dbe1c3767432caec068bb48696b0_NeikiAnalytics.exe	29
PID 1368 wrote to memory of 2864	1368	1325dbe1c3767432caec068bb48696b0_NeikiAnalytics.exe	29
PID 1368 wrote to memory of 2864	1368	1325dbe1c3767432caec068bb48696b0_NeikiAnalytics.exe	29
PID 1368 wrote to memory of 2864	1368	1325dbe1c3767432caec068bb48696b0_NeikiAnalytics.exe	29
PID 2864 wrote to memory of 2516	2864	cmd.exe	30
PID 2864 wrote to memory of 2516	2864	cmd.exe	30
PID 2864 wrote to memory of 2516	2864	cmd.exe	30
PID 2864 wrote to memory of 2516	2864	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\1325dbe1c3767432caec068bb48696b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1325dbe1c3767432caec068bb48696b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2516

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5fc7806bd67dea3e5eb5ccc0a4f5e342

SHA1
a327df37961979ca5488c100d54960fc1cdc4546

SHA256
2af071ef9975cd65cb5e5605ac7f6ebc3a12c9be43719e0d190016ba4a898bf1

SHA512
4abc3731e371999c1111ba2075c044e24729b7627a0f4a7bed04e406587bd9dcc6a1682b6eca143de4414e14afb3a72a33546cbe27d160c1da420e7fd53a4329

Download Submit
memory/1368-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2516-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download