d537ff0352e6cfa2e49b3eff2ed7ea0c69b4381973431180c0ea7cd2df81e8dd

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 17:08

Target

16c9a22ce803327a936588476ea07920_NeikiAnalytics.exe
Size

79KB
MD5

16c9a22ce803327a936588476ea07920
SHA1

bf59d7b2e958071a0707fe3740a95e8e2d14e29b
SHA256

d537ff0352e6cfa2e49b3eff2ed7ea0c69b4381973431180c0ea7cd2df81e8dd
SHA512

87c15ef21b328d11ce68bb0df83879b77ebb587a3c1b3dc9341bca4e8d52c63e22690ae581579feec8c8257630953efee4cb7aee687f14a47c8e2e00f7e3c8dd
SSDEEP

1536:zvFuZU9NJ+5jNsEqOQA8AkqUhMb2nuy5wgIP0CSJ+5yPxB8GMGlZ5G:zvFuZUJ+5jNFGdqU7uy5w9WMyPxN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2240	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1280	cmd.exe
1280	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 1280	2436	16c9a22ce803327a936588476ea07920_NeikiAnalytics.exe	29
PID 2436 wrote to memory of 1280	2436	16c9a22ce803327a936588476ea07920_NeikiAnalytics.exe	29
PID 2436 wrote to memory of 1280	2436	16c9a22ce803327a936588476ea07920_NeikiAnalytics.exe	29
PID 2436 wrote to memory of 1280	2436	16c9a22ce803327a936588476ea07920_NeikiAnalytics.exe	29
PID 1280 wrote to memory of 2240	1280	cmd.exe	30
PID 1280 wrote to memory of 2240	1280	cmd.exe	30
PID 1280 wrote to memory of 2240	1280	cmd.exe	30
PID 1280 wrote to memory of 2240	1280	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\16c9a22ce803327a936588476ea07920_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\16c9a22ce803327a936588476ea07920_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1280
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2240

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
31564a494954988ccff0a650a1af1dd5

SHA1
cb2bfd196a266a469a62a9898b530a9087f2693f

SHA256
649ec214e41de8ac67b12acf5d2d52e254abdb2d95991aa938ae220c4372e8b6

SHA512
c0037dc36b2220e54992c53f71e518650e0de5f9a7b7159b639ec50834ca3f1ce4ece888d879802d3670097e121a070d078285d89206c5c561c888c88dcb5358

Download Submit
memory/2240-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2436-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download