57203e17331be6404579f6499f5b1e1507b95a06bb6aa35a15d9d4559a8c71bc

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 00:42

Target

116c3fef82f1236d048503d04ce868f0_NeikiAnalytics.exe
Size

79KB
MD5

116c3fef82f1236d048503d04ce868f0
SHA1

3976ae84f8c8b3c159c1635a2da98f3b20691f5a
SHA256

57203e17331be6404579f6499f5b1e1507b95a06bb6aa35a15d9d4559a8c71bc
SHA512

a5817b22b1f798ffa6c61861f9bd6e5eda66fed86fec40b263e901a7afe756d92d5c87596d42c709b0fc075f661acbc2d62c56dca3022d877e676e7a76e21b58
SSDEEP

1536:zvJhQ75mZBMZsOQA8AkqUhMb2nuy5wgIP0CSJ+5yeB8GMGlZ5G:zvcc4DGdqU7uy5w9WMyeN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2800	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2856	cmd.exe
2856	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2856	3012	116c3fef82f1236d048503d04ce868f0_NeikiAnalytics.exe	29
PID 3012 wrote to memory of 2856	3012	116c3fef82f1236d048503d04ce868f0_NeikiAnalytics.exe	29
PID 3012 wrote to memory of 2856	3012	116c3fef82f1236d048503d04ce868f0_NeikiAnalytics.exe	29
PID 3012 wrote to memory of 2856	3012	116c3fef82f1236d048503d04ce868f0_NeikiAnalytics.exe	29
PID 2856 wrote to memory of 2800	2856	cmd.exe	30
PID 2856 wrote to memory of 2800	2856	cmd.exe	30
PID 2856 wrote to memory of 2800	2856	cmd.exe	30
PID 2856 wrote to memory of 2800	2856	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\116c3fef82f1236d048503d04ce868f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\116c3fef82f1236d048503d04ce868f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2800

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
78c2875098fd53c929b70afd77552259

SHA1
2ccd4106f11335bb9317ecd568cb919d4cf645d0

SHA256
023aca80916ec1b514e74e11be7fe304eeb31a26ee5b0eb7da2d4c7e975fcfe6

SHA512
40fa4edab4fc974a098b5d93939c8e5d97799a637ec7e81e3fec1704b2bdd8074a5e001baa14458a22740a2c7a64f02d444a5d4346de9001bef203a53a8d6d7e

Download Submit
memory/2800-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3012-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download