c0ecd6289767efbcbd65775dd2887ca05e23b69fdac78a15fe4107bf6f46e42c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 11:39

Target

9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe
Size

79KB
MD5

9aa7afc3c217d1a0406696f00875b130
SHA1

7d5ca353ca388d98653b91d2ecb7ff14d8ff7140
SHA256

c0ecd6289767efbcbd65775dd2887ca05e23b69fdac78a15fe4107bf6f46e42c
SHA512

8c94ef7205818d8651007ece2f8ba3131aa96c9c34871c8fb92a527eb3da8261e8b404b7284ef9b291a5b878bd426401a416c6bff13cfd545414912d885b9aef
SSDEEP

1536:zvrpkO0PMjaPc2RBhnwKVOQA8AkqUhMb2nuy5wgIP0CSJ+5ynB8GMGlZ5G:zvrJO+aPcuHwVGdqU7uy5w9WMynN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2280	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2468	cmd.exe
2468	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2468	2148	9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe	29
PID 2148 wrote to memory of 2468	2148	9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe	29
PID 2148 wrote to memory of 2468	2148	9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe	29
PID 2148 wrote to memory of 2468	2148	9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe	29
PID 2468 wrote to memory of 2280	2468	cmd.exe	30
PID 2468 wrote to memory of 2280	2468	cmd.exe	30
PID 2468 wrote to memory of 2280	2468	cmd.exe	30
PID 2468 wrote to memory of 2280	2468	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2280

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
0babb08cce9ffb5404829328d793e652

SHA1
81e8207b0c49d33a9ade7d53c23729692bfb0f14

SHA256
f7b8175ad2ce44e3fa901be451728fc8ab7ebbf9a1265408e61c1de61aeba19a

SHA512
2da409a0672d80d38ce2066d520e433fa33bfbd5208b483a872cea84fbaad0f7c79b0576ac38c46c338d112035eed0391a3d10a1515176a90aeb036076d2f8c6

Download Submit
memory/2148-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2280-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download