c1cc9aece5a9c1742ec15996cdabf7a5fe07e65e5e06e5c79e864cf64cf4077e

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 07:31

Target

252ab6bd9459b3a4dff33206e4208d70_NeikiAnalytics.exe
Size

79KB
MD5

252ab6bd9459b3a4dff33206e4208d70
SHA1

74a8519325ad677fc8d06ce37b04cf3cac29ac08
SHA256

c1cc9aece5a9c1742ec15996cdabf7a5fe07e65e5e06e5c79e864cf64cf4077e
SHA512

19051497cfa462da78482139f341f33cc35cf493c262c104c19857e25eee9bdae22b788ad5d70d4acdf03d8be903b9016f130b4706b9414d09c5a73a9f377353
SSDEEP

1536:zvDDZmDCzNkEaXOQA8AkqUhMb2nuy5wgIP0CSJ+5yfB8GMGlZ5G:zvu4NR7GdqU7uy5w9WMyfN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2728	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1640	cmd.exe
1640	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1640	1984	252ab6bd9459b3a4dff33206e4208d70_NeikiAnalytics.exe	29
PID 1984 wrote to memory of 1640	1984	252ab6bd9459b3a4dff33206e4208d70_NeikiAnalytics.exe	29
PID 1984 wrote to memory of 1640	1984	252ab6bd9459b3a4dff33206e4208d70_NeikiAnalytics.exe	29
PID 1984 wrote to memory of 1640	1984	252ab6bd9459b3a4dff33206e4208d70_NeikiAnalytics.exe	29
PID 1640 wrote to memory of 2728	1640	cmd.exe	30
PID 1640 wrote to memory of 2728	1640	cmd.exe	30
PID 1640 wrote to memory of 2728	1640	cmd.exe	30
PID 1640 wrote to memory of 2728	1640	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\252ab6bd9459b3a4dff33206e4208d70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\252ab6bd9459b3a4dff33206e4208d70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1640
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2728

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
74a59fba98424397b2de430ed66a2b41

SHA1
94f479cfead6e8d9a9c3fff9062487f5a1e52dda

SHA256
4f85582be82facdc05db3406db3aa94b6a578e78bcc32ec682bc6bc8987b943c

SHA512
2eb709cf5450f7cc6fc55d90685b35cf0c24d10a8944d1ed4d3de61a79f08ce283e2db0746507e9feff6a5d51f16006387fcbbeb1dfbaa21033adb27e81b12c5

Download Submit
memory/1984-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2728-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download