d2a238b9ebf998c38e49b3e81d76b65c111bd3255c4c2a32f34693e63e4d104f

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 02:02

Target

17a788de28b9676ea099fd61631fe370_NeikiAnalytics.exe
Size

79KB
MD5

17a788de28b9676ea099fd61631fe370
SHA1

7a424982e04a6aa2cc95c087ad425343c93c5ff7
SHA256

d2a238b9ebf998c38e49b3e81d76b65c111bd3255c4c2a32f34693e63e4d104f
SHA512

75bc240a0891fd7c3e1bc50726dd1cf43467f72aa54f8e1c8d7ccbd12f8bc418ae0bb0242cc221ee03bdca08b3498640747d652c5a83a90c523232916c028ede
SSDEEP

1536:zvKF4uRm+53CRfNducyOQA8AkqUhMb2nuy5wgIP0CSJ+5yZB8GMGlZ5G:zvNuAjGdqU7uy5w9WMyZN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2992	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2020	cmd.exe
2020	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 2020	1296	17a788de28b9676ea099fd61631fe370_NeikiAnalytics.exe	29
PID 1296 wrote to memory of 2020	1296	17a788de28b9676ea099fd61631fe370_NeikiAnalytics.exe	29
PID 1296 wrote to memory of 2020	1296	17a788de28b9676ea099fd61631fe370_NeikiAnalytics.exe	29
PID 1296 wrote to memory of 2020	1296	17a788de28b9676ea099fd61631fe370_NeikiAnalytics.exe	29
PID 2020 wrote to memory of 2992	2020	cmd.exe	30
PID 2020 wrote to memory of 2992	2020	cmd.exe	30
PID 2020 wrote to memory of 2992	2020	cmd.exe	30
PID 2020 wrote to memory of 2992	2020	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\17a788de28b9676ea099fd61631fe370_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\17a788de28b9676ea099fd61631fe370_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2020
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2992

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f9e43e11282e9b31e9c145055cb1e518

SHA1
659e30f7b63f29413cd88939206755ae34852223

SHA256
ae4e0ea13817d12b965093851843d25f2907573ba0dd13e51f7e90dc0f9dcce0

SHA512
3ba2e356086df6993527175ba9981c6aa8e660145b0551e3a453332b5bee75ad7a0cc9c5e9c948fed19dc6c87b6d036dc419576b30a5d26697de2da73f57b2a4

Download Submit
memory/1296-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2992-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download