0af82fa52a06d764af60d419c0d1b2c87dba7cd3028c5bdedc0744cf3bfc052f

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 23:28

Target

26f718944c59bb526d3b9a06f2659b80_NeikiAnalytics.exe
Size

79KB
MD5

26f718944c59bb526d3b9a06f2659b80
SHA1

e901df2073539ce39063b7751bfeff7627fa05a7
SHA256

0af82fa52a06d764af60d419c0d1b2c87dba7cd3028c5bdedc0744cf3bfc052f
SHA512

9e3d33e47cecec1cfad15f47ba98399f5a6dd9e0b37d3e15948d5b61e8aa5aede242fcf4f7007508a7bc10a57397d3ed304d7da474d7338839849155b36ccbd1
SSDEEP

1536:zvJhQ75mZBMZsOQA8AkqUhMb2nuy5wgIP0CSJ+5yOB8GMGlZ5G:zvcc4DGdqU7uy5w9WMyON5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1832	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2380	cmd.exe
2380	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2380	2320	26f718944c59bb526d3b9a06f2659b80_NeikiAnalytics.exe	29
PID 2320 wrote to memory of 2380	2320	26f718944c59bb526d3b9a06f2659b80_NeikiAnalytics.exe	29
PID 2320 wrote to memory of 2380	2320	26f718944c59bb526d3b9a06f2659b80_NeikiAnalytics.exe	29
PID 2320 wrote to memory of 2380	2320	26f718944c59bb526d3b9a06f2659b80_NeikiAnalytics.exe	29
PID 2380 wrote to memory of 1832	2380	cmd.exe	30
PID 2380 wrote to memory of 1832	2380	cmd.exe	30
PID 2380 wrote to memory of 1832	2380	cmd.exe	30
PID 2380 wrote to memory of 1832	2380	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\26f718944c59bb526d3b9a06f2659b80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\26f718944c59bb526d3b9a06f2659b80_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2380
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1832

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e136883099062da172b3ea70156f95f5

SHA1
74602104b9b9011744843effc74baaae8acd10c8

SHA256
a920a40495019b5e5055bd6384005656e2499396d107b960225015d9df92b622

SHA512
57877e7e25f4f478eb1aa1853a934138afa2429571b2ae8edfa3ff0b323fde79502f2e1f55d386cd72911ebd34a74c80c68805f6621a389276e314173e0e0562

Download Submit
memory/1832-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2320-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download