297467963fb79f407afe4861fa8ad2c69b2684041fd99beb5b24519b4313e78a

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 00:51

Target

12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe
Size

79KB
MD5

12100df35869f6dd51d0a164a556df00
SHA1

6a58d6562a129d6dc14b5ea70a581fffeabdc07a
SHA256

297467963fb79f407afe4861fa8ad2c69b2684041fd99beb5b24519b4313e78a
SHA512

82583fd870cc22e2aced7ce7bfa8d67b8509d2e8e12ae6d72e66830732711a0d1cda346fe0c3c67f3cb188916329cf63ccd29885b379df56196b5849f46312de
SSDEEP

1536:zv3JmHlv340W6OQA8AkqUhMb2nuy5wgIP0CSJ+5ykB8GMGlZ5G:zvZmHlvfWPGdqU7uy5w9WMykN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2480	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2104	cmd.exe
2104	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2104	1908	12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe	29
PID 1908 wrote to memory of 2104	1908	12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe	29
PID 1908 wrote to memory of 2104	1908	12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe	29
PID 1908 wrote to memory of 2104	1908	12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe	29
PID 2104 wrote to memory of 2480	2104	cmd.exe	30
PID 2104 wrote to memory of 2480	2104	cmd.exe	30
PID 2104 wrote to memory of 2480	2104	cmd.exe	30
PID 2104 wrote to memory of 2480	2104	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12100df35869f6dd51d0a164a556df00_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2104
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2480

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7b36d370766b88fac679230be2558a32

SHA1
8c14799f173c4fa2359ed138b03ef6cb911077e5

SHA256
69920a82806a226a62d617088de27ccbadec383ce36adc7364867fbbdc7f60f7

SHA512
050792dd2760eedc3d83422ed0339866a76c78742996432d2d07a3fed6ca91fed6695e3daedb07be956fc4ebc2f447f7ef23f8853739d98ef5d6666241c45ff9

Download Submit
memory/1908-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2480-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download