8b71ade8c285672803a93eb2c8862b2e2deb1983c0f3c106893a51d832a19533

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 17:58

Target

1aa65c2bb347539b57836b52567b4ef0_NeikiAnalytics.exe
Size

79KB
MD5

1aa65c2bb347539b57836b52567b4ef0
SHA1

3145b3863fc0f299a8d155279da115794fe89d04
SHA256

8b71ade8c285672803a93eb2c8862b2e2deb1983c0f3c106893a51d832a19533
SHA512

aa89c03d57b1dd63af10fc50414ddfb12ac291eedb17bb4f85dcb83f914193ae6b1ba5387536b7c6791498a44c39655869b922cc8588ffaec91ac4647e12d51e
SSDEEP

1536:zvNCFFFj+rLmZkAelOQA8AkqUhMb2nuy5wgIP0CSJ+5yJbB8GMGlZ5G:zvEFFFj+rLokALGdqU7uy5w9WMyJbN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2636	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1980	cmd.exe
1980	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 1980	1860	1aa65c2bb347539b57836b52567b4ef0_NeikiAnalytics.exe	29
PID 1860 wrote to memory of 1980	1860	1aa65c2bb347539b57836b52567b4ef0_NeikiAnalytics.exe	29
PID 1860 wrote to memory of 1980	1860	1aa65c2bb347539b57836b52567b4ef0_NeikiAnalytics.exe	29
PID 1860 wrote to memory of 1980	1860	1aa65c2bb347539b57836b52567b4ef0_NeikiAnalytics.exe	29
PID 1980 wrote to memory of 2636	1980	cmd.exe	30
PID 1980 wrote to memory of 2636	1980	cmd.exe	30
PID 1980 wrote to memory of 2636	1980	cmd.exe	30
PID 1980 wrote to memory of 2636	1980	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\1aa65c2bb347539b57836b52567b4ef0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1aa65c2bb347539b57836b52567b4ef0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1980
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2636

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
404836d10015709f98579693b2a25892

SHA1
0929852bf497b0ecef44ae77b19f6bd6416a478b

SHA256
f4f233cfef4ec7adf14db694cfece84234422ba36957c74871d9da4110fafd8c

SHA512
788afd20ac6349305fa6de19bddf7e27e45e11dfd6079d13abd40801b21a0fce310a968e8a8598248e80a3b33b364349e5b462d79b163698999a8482df665b9c

Download Submit
memory/1860-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2636-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download