019c4b6ce758794f56841c23ea08b07a803bc161eea4e83ef7a3917065e6e074

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 21:11

Target

020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe
Size

79KB
MD5

020eed924a280054c4539ec0404d6da0
SHA1

a691838dfdba8fa784fd6afaab8547bb7a6139ac
SHA256

019c4b6ce758794f56841c23ea08b07a803bc161eea4e83ef7a3917065e6e074
SHA512

3b230e077abaf15b5355ecc8d9de23c364a3838bb2586dea1f0c591cf4fdc9999b231df31cb2fe7a2dcab50b162e7b1f0d9042da74102cab76ef637890cbc9f7
SSDEEP

1536:zvOjaGdq/bOXbIv3YOQA8AkqUhMb2nuy5wgIP0CSJ+5y0B8GMGlZ5G:zvOjapaYGdqU7uy5w9WMy0N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3052	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
764	cmd.exe
764	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 764	2956	020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe	29
PID 2956 wrote to memory of 764	2956	020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe	29
PID 2956 wrote to memory of 764	2956	020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe	29
PID 2956 wrote to memory of 764	2956	020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe	29
PID 764 wrote to memory of 3052	764	cmd.exe	30
PID 764 wrote to memory of 3052	764	cmd.exe	30
PID 764 wrote to memory of 3052	764	cmd.exe	30
PID 764 wrote to memory of 3052	764	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\020eed924a280054c4539ec0404d6da0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:764
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3052

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
49caf46630fa1da76f622b61e8dd1bb5

SHA1
3c7d8c9d5ef80a42b605a179f872faa93d8113f8

SHA256
0ae98037ec3d8feefc9977ff9dce52374868384c97fce1e2c61ab43f5f5435f0

SHA512
4760180c47f61fa54b39cc17e97da63f4fd35b6772e856736cc3e83b7fe28605edeb241c69aa843e89a8a782cfcce2a2eb27883b9366e91b9a0482ad929d47af

Download Submit
memory/2956-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3052-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download