84635e90404fcc932ff85bc3a33ff342824a5158849d1707c56a9f7cc60d53d1

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 04:05

Target

1e1c5dfec5351bb27eb0e910deaf0010_NeikiAnalytics.exe
Size

79KB
MD5

1e1c5dfec5351bb27eb0e910deaf0010
SHA1

71b2543820d9e275b2f23d76321adfc4b13fb60f
SHA256

84635e90404fcc932ff85bc3a33ff342824a5158849d1707c56a9f7cc60d53d1
SHA512

e820b71d03a9a7d1cea5868ffa8f73cb6729b8b27e8c96117a56b198756fb32194e95f0b89ff54e0d4f07c64af97774429b220224eed116d77e43f13dc78ef48
SSDEEP

1536:zvQFxWrhuqoWnMxOQA8AkqUhMb2nuy5wgIP0CSJ+5ymB8GMGlZ5G:zvQFx/0MAGdqU7uy5w9WMymN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2096	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3056	cmd.exe
3056	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 3056	2152	1e1c5dfec5351bb27eb0e910deaf0010_NeikiAnalytics.exe	29
PID 2152 wrote to memory of 3056	2152	1e1c5dfec5351bb27eb0e910deaf0010_NeikiAnalytics.exe	29
PID 2152 wrote to memory of 3056	2152	1e1c5dfec5351bb27eb0e910deaf0010_NeikiAnalytics.exe	29
PID 2152 wrote to memory of 3056	2152	1e1c5dfec5351bb27eb0e910deaf0010_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 2096	3056	cmd.exe	30
PID 3056 wrote to memory of 2096	3056	cmd.exe	30
PID 3056 wrote to memory of 2096	3056	cmd.exe	30
PID 3056 wrote to memory of 2096	3056	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\1e1c5dfec5351bb27eb0e910deaf0010_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1e1c5dfec5351bb27eb0e910deaf0010_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2096

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3f1f845c4b83381675fdf11f5b846d57

SHA1
f3c857b944f5bd65af7324fa4d2a03e5f9446915

SHA256
5b8982b3577d72940cd0604c59feabab1c99123436238abf3d8cdae98856d95e

SHA512
d3c0bdb38e513b023780abdb351f6b3a436e7c090a14c90fd20d71b2b24664bc8beee57775a982c7e81d4f66aeb3dd405fadd73fdc718358342274bb950304f3

Download Submit
memory/2096-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2152-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download