f0ce86ae7d5bc7d260608d6de3628338ff64b1033967b203f7ca5e91c2501977

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 21:28

Target

1c8c1b93b29b2d935e36362f65cc0150_NeikiAnalytics.exe
Size

79KB
MD5

1c8c1b93b29b2d935e36362f65cc0150
SHA1

3e6978390354db1689f429d4a73165f2e92b1e64
SHA256

f0ce86ae7d5bc7d260608d6de3628338ff64b1033967b203f7ca5e91c2501977
SHA512

f0cceacbac47a3c3f3bc5d0aaa30fcff5c250c73e441a9570201c57b778191e9e0dbf43b1f525ffa782527428f09fa9fb0ff9435b7ad05328c3fe524111cba32
SSDEEP

1536:zvUaySa+bHSOR6POQA8AkqUhMb2nuy5wgIP0CSJ+5yyB8GMGlZ5G:zv6wHn6mGdqU7uy5w9WMyyN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1724	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2172	cmd.exe
2172	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2172	2268	1c8c1b93b29b2d935e36362f65cc0150_NeikiAnalytics.exe	29
PID 2268 wrote to memory of 2172	2268	1c8c1b93b29b2d935e36362f65cc0150_NeikiAnalytics.exe	29
PID 2268 wrote to memory of 2172	2268	1c8c1b93b29b2d935e36362f65cc0150_NeikiAnalytics.exe	29
PID 2268 wrote to memory of 2172	2268	1c8c1b93b29b2d935e36362f65cc0150_NeikiAnalytics.exe	29
PID 2172 wrote to memory of 1724	2172	cmd.exe	30
PID 2172 wrote to memory of 1724	2172	cmd.exe	30
PID 2172 wrote to memory of 1724	2172	cmd.exe	30
PID 2172 wrote to memory of 1724	2172	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\1c8c1b93b29b2d935e36362f65cc0150_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1c8c1b93b29b2d935e36362f65cc0150_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1724

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
1c42d4314f1cb953894d0b7bcec4795a

SHA1
504e9db8210444e4475a827ccd25adde78dac2f3

SHA256
3698420433d2a859a3d9e38045214f3fcd017ebbdff397cb8383940cd83aca96

SHA512
45393061c57ba46330fe40c945abee2eba3baa46f2983c406195654e7e2173c951eddf2e7f17bac9d16fe65624f48ddd7ebdde8a11b77939afef7fcc2f787560

Download Submit
memory/1724-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2268-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download