ae3d043eab55f81893e3876658b85bc68906acb59d6794f3a0455346f3215e2d

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 19:58

Target

e949a8de8634af1527b3bd5eb113fc20_NeikiAnalytics.exe
Size

79KB
MD5

e949a8de8634af1527b3bd5eb113fc20
SHA1

7183b085bde2873d4e0f456ea03d7109f17737d5
SHA256

ae3d043eab55f81893e3876658b85bc68906acb59d6794f3a0455346f3215e2d
SHA512

5afaa5cb07c20919a28da14ce71d0c23cb4c57a350689b814606be34ba29c1e9eb89e1c9b11207e03f1291e3321f4349a14ed4139f886a36c406554ba452e5c4
SSDEEP

1536:zvJRAT+S0kaNVu9TOQA8AkqUhMb2nuy5wgIP0CSJ+5y+AB8GMGlZ5G:zvJR6Z0FNVuUGdqU7uy5w9WMyVN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2352	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2516	cmd.exe
2516	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 2516	1032	e949a8de8634af1527b3bd5eb113fc20_NeikiAnalytics.exe	29
PID 1032 wrote to memory of 2516	1032	e949a8de8634af1527b3bd5eb113fc20_NeikiAnalytics.exe	29
PID 1032 wrote to memory of 2516	1032	e949a8de8634af1527b3bd5eb113fc20_NeikiAnalytics.exe	29
PID 1032 wrote to memory of 2516	1032	e949a8de8634af1527b3bd5eb113fc20_NeikiAnalytics.exe	29
PID 2516 wrote to memory of 2352	2516	cmd.exe	30
PID 2516 wrote to memory of 2352	2516	cmd.exe	30
PID 2516 wrote to memory of 2352	2516	cmd.exe	30
PID 2516 wrote to memory of 2352	2516	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\e949a8de8634af1527b3bd5eb113fc20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e949a8de8634af1527b3bd5eb113fc20_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2516
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2352

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2da87b79be36f289386c81c7ccaa757e

SHA1
1a473dab76d2060ff237079877885665e248077a

SHA256
1261254ad3649c7032f7f0fa503d6b68d5977c976e1ff4b3b52632b9ef93ef59

SHA512
8dbca2f39a4a6b73647f93e213d1ef7c75a1476d5c6a3953d5a8f0a71ef7faa59b36c42db604911707b3529f12be99859925fca2a6be3ed98bbca40d56f9e99f

Download Submit
memory/1032-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2352-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download