1c66a2b04a6d7aed9aefe90c8ec78480eb7d0c2135b608e1c69df5f4a3a5ab2d

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 01:03

Target

12e8c44433553af50c6d7fedcea3fa60_NeikiAnalytics.exe
Size

79KB
MD5

12e8c44433553af50c6d7fedcea3fa60
SHA1

8e471a1e2592746de32166fb8f64ac635628d509
SHA256

1c66a2b04a6d7aed9aefe90c8ec78480eb7d0c2135b608e1c69df5f4a3a5ab2d
SHA512

faa8e6481982fb989abbf279a9a53dd8dcd33573bebbd27be562eb1ab2a72288aa7588b401a3a2fa55519104d852bf8e9a8f499386925981fce6cd83c09881e6
SSDEEP

1536:zvqrRgojWFT+eDOQA8AkqUhMb2nuy5wgIP0CSJ+5ytB8GMGlZ5G:zvCRkFT3iGdqU7uy5w9WMytN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2596	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2464	cmd.exe
2464	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 2464	1212	12e8c44433553af50c6d7fedcea3fa60_NeikiAnalytics.exe	29
PID 1212 wrote to memory of 2464	1212	12e8c44433553af50c6d7fedcea3fa60_NeikiAnalytics.exe	29
PID 1212 wrote to memory of 2464	1212	12e8c44433553af50c6d7fedcea3fa60_NeikiAnalytics.exe	29
PID 1212 wrote to memory of 2464	1212	12e8c44433553af50c6d7fedcea3fa60_NeikiAnalytics.exe	29
PID 2464 wrote to memory of 2596	2464	cmd.exe	30
PID 2464 wrote to memory of 2596	2464	cmd.exe	30
PID 2464 wrote to memory of 2596	2464	cmd.exe	30
PID 2464 wrote to memory of 2596	2464	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\12e8c44433553af50c6d7fedcea3fa60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12e8c44433553af50c6d7fedcea3fa60_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2596

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6cd12dd3bc75dbe0dce7a4fea3855cbf

SHA1
cb3906bfa800a25cfcdda86a914fdf32c6a8b4b2

SHA256
5602334b588fd473e6bb1fb108d0d96f919467692d22ecd7d55d41be29e73f03

SHA512
d863f3ceffd5449cb2d27d3c3b957b56f1a3d91d041a16518b0ee93e94560ae1677d19067dd0113527b7e09ce3c664f3ff54017241a68912e21cdb4d54ebdbca

Download Submit
memory/1212-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2596-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download