3b1d5beeb6f985593cc71a382e4e159f91351922f435cc80c4c1ad3c3340b79a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 23:14

Target

266c110f530a5d0c44be3b6bda846740_NeikiAnalytics.exe
Size

79KB
MD5

266c110f530a5d0c44be3b6bda846740
SHA1

b24b93cb6f890f11403044a473c210e94073f4ad
SHA256

3b1d5beeb6f985593cc71a382e4e159f91351922f435cc80c4c1ad3c3340b79a
SHA512

dff38ab94821119287067903e34f9e18d43fcac21727a2098bccddc2812926f3ff9d2db8f275f95186ba7359fa989ee5aea576eac9430840abd7225f02f39034
SSDEEP

1536:zvQFxWrhuqoWnMxOQA8AkqUhMb2nuy5wgIP0CSJ+5y5B8GMGlZ5G:zvQFx/0MAGdqU7uy5w9WMy5N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2944	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2492	cmd.exe
2492	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2492	2792	266c110f530a5d0c44be3b6bda846740_NeikiAnalytics.exe	29
PID 2792 wrote to memory of 2492	2792	266c110f530a5d0c44be3b6bda846740_NeikiAnalytics.exe	29
PID 2792 wrote to memory of 2492	2792	266c110f530a5d0c44be3b6bda846740_NeikiAnalytics.exe	29
PID 2792 wrote to memory of 2492	2792	266c110f530a5d0c44be3b6bda846740_NeikiAnalytics.exe	29
PID 2492 wrote to memory of 2944	2492	cmd.exe	30
PID 2492 wrote to memory of 2944	2492	cmd.exe	30
PID 2492 wrote to memory of 2944	2492	cmd.exe	30
PID 2492 wrote to memory of 2944	2492	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\266c110f530a5d0c44be3b6bda846740_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\266c110f530a5d0c44be3b6bda846740_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2492
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2944

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
43049a3341adad4a7b4c28f711af060f

SHA1
22e43107a5b03443c6ab88a1cf08ca1d769ce4c5

SHA256
c4ad450709a2b74a0e581a374ab9e7d45231fdd4307d0f33bd6e330dd8f9299b

SHA512
e9e2b305b5afbcd7a500b143f0647f3ab9f2bfce2816810dcbb00c2aaeb08759a07eb32ab889ae98d7b5fe48c36388385221b6f07672ccfb187461aff8994424

Download Submit
memory/2792-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2944-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download