0be0569f61979a40b7048d3b3c2aff343d388b0a38c0f4a9feadeefef7062405

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 12:00

Target

5d3e4161fddef992e4c6c4baba1490f0_NeikiAnalytics.exe
Size

79KB
MD5

5d3e4161fddef992e4c6c4baba1490f0
SHA1

db8d92d9390bd48d9f7ce7e219ca1f3aaa2cc75a
SHA256

0be0569f61979a40b7048d3b3c2aff343d388b0a38c0f4a9feadeefef7062405
SHA512

08b6e60e0d77350a1b45d0a55762f6f18cc3c725ad4b620a526e4961db03ab55b3a13c6005e30d05e96838a43b6dd9de3726c3f1ab53b72d8e1d84ebe1b1e4c6
SSDEEP

1536:zvJudrqrpLekL5OQA8AkqUhMb2nuy5wgIP0CSJ+5yBB8GMGlZ5G:zvJu0rpLXUGdqU7uy5w9WMyBN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2996	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2496	cmd.exe
2496	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2496	3012	5d3e4161fddef992e4c6c4baba1490f0_NeikiAnalytics.exe	29
PID 3012 wrote to memory of 2496	3012	5d3e4161fddef992e4c6c4baba1490f0_NeikiAnalytics.exe	29
PID 3012 wrote to memory of 2496	3012	5d3e4161fddef992e4c6c4baba1490f0_NeikiAnalytics.exe	29
PID 3012 wrote to memory of 2496	3012	5d3e4161fddef992e4c6c4baba1490f0_NeikiAnalytics.exe	29
PID 2496 wrote to memory of 2996	2496	cmd.exe	30
PID 2496 wrote to memory of 2996	2496	cmd.exe	30
PID 2496 wrote to memory of 2996	2496	cmd.exe	30
PID 2496 wrote to memory of 2996	2496	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\5d3e4161fddef992e4c6c4baba1490f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5d3e4161fddef992e4c6c4baba1490f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2996

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3cb9ccc81bc3a4d339e8365bebada8a8

SHA1
ce7796cef5709ffff13e8150985c0cb4395da077

SHA256
cfd5407c1b6eef4e6bd2dd11a17c876bcb54a988dbd8590955abb2b045b06769

SHA512
57ced59a486c2f6b62412cb77f2bb64550027b4fb12b6e917403cdcf9305d34629b96c452c261d0b84513d85e088b2abcbbd6674db7d79131be47e34569a093e

Download Submit
memory/2996-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3012-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download