6497858577a5040f9f3f04e2a26f383cc770ff4afe07e082be3b6164980188d8

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 20:23

Target

633cb9d501e0814da0559e64bfe26f80_NeikiAnalytics.exe
Size

79KB
MD5

633cb9d501e0814da0559e64bfe26f80
SHA1

50086d3e72e60d91b4f4cf5e98498b7e3b924d09
SHA256

6497858577a5040f9f3f04e2a26f383cc770ff4afe07e082be3b6164980188d8
SHA512

8a90c77bed92f317d1c08c465d58484bd264ffcb29524eeb421ce3bdec5601ff7e66b07018289bd3a139f06343c713e4acd160fa44186cb202602bcd67727fb1
SSDEEP

1536:zvzdkC8i9qpmrOQA8AkqUhMb2nuy5wgIP0CSJ+5y57B8GMGlZ5G:zvzCC8mqpm6GdqU7uy5w9WMytN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2456	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2648	cmd.exe
2648	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2648	1912	633cb9d501e0814da0559e64bfe26f80_NeikiAnalytics.exe	29
PID 1912 wrote to memory of 2648	1912	633cb9d501e0814da0559e64bfe26f80_NeikiAnalytics.exe	29
PID 1912 wrote to memory of 2648	1912	633cb9d501e0814da0559e64bfe26f80_NeikiAnalytics.exe	29
PID 1912 wrote to memory of 2648	1912	633cb9d501e0814da0559e64bfe26f80_NeikiAnalytics.exe	29
PID 2648 wrote to memory of 2456	2648	cmd.exe	30
PID 2648 wrote to memory of 2456	2648	cmd.exe	30
PID 2648 wrote to memory of 2456	2648	cmd.exe	30
PID 2648 wrote to memory of 2456	2648	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\633cb9d501e0814da0559e64bfe26f80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\633cb9d501e0814da0559e64bfe26f80_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2456

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
bb5629c97075412fa4e793ded743fc1f

SHA1
24c2c2fefaad918a5de566a66ec320a26175a2f8

SHA256
d260c339e9d29320329cce2222e342aa90dc5b4e8abbf9a688d5e155c7a52830

SHA512
510d929a1c3826e78c912bafb4df15fd676596b5a9915a1ff401268a6c0f63747a09c2f2bee06d93e96f0097793985a40c6ded5481b98fe9b5715005a216874a

Download Submit
memory/1912-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2456-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download