4b63dc3c8e90ef095989e53256a8b7f990c0db28c2a11e2fba23313723f85873

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 08:25

Target

5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe
Size

79KB
MD5

5a776d9325582a8eba6d08b8e4ae2260
SHA1

4d8b45b7de4804121616debf527e665ada169ee5
SHA256

4b63dc3c8e90ef095989e53256a8b7f990c0db28c2a11e2fba23313723f85873
SHA512

b8fd65d9e5b4d557becbd7fa45a5982620503b6cdc172178224894b2c8ce4a4f67a90c26114d056b5c73474a0925ee19edf709a5eafeae8fab47aa7231d8e3c6
SSDEEP

1536:zvE4jn835XRvWOQA8AkqUhMb2nuy5wgIP0CSJ+5yiB8GMGlZ5G:zvLj8RRrGdqU7uy5w9WMyiN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1736	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2032	cmd.exe
2032	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2032	1960	5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe	29
PID 1960 wrote to memory of 2032	1960	5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe	29
PID 1960 wrote to memory of 2032	1960	5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe	29
PID 1960 wrote to memory of 2032	1960	5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe	29
PID 2032 wrote to memory of 1736	2032	cmd.exe	30
PID 2032 wrote to memory of 1736	2032	cmd.exe	30
PID 2032 wrote to memory of 1736	2032	cmd.exe	30
PID 2032 wrote to memory of 1736	2032	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5a776d9325582a8eba6d08b8e4ae2260_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2032
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1736

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6d4b360221d7561196a87184fcae9fb5

SHA1
6fd8c4ee41f2dd4624382e77e98e9a8f67c3a3c8

SHA256
8d602ac47c3d9eea48a1879f8e73c6059176f912d9eadc98da4556bb53cdbd8e

SHA512
963d93449512be18ab7e1c41a2cbe6868d2a9c4597072ab43642d23af887cdd0f797cd5c432fefbc8b98fa2b9cbfe0fc0e9297da7b9d7c96adf75a7acc7b204d

Download Submit
memory/1736-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1960-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download