f1825ddace32fabdcb91bfb7ca26aa82ba446e88185ccc3d83461d6eab4e99f1

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 13:30

Target

4004bfb3baa4adcbd7a9508556634fe0_NeikiAnalytics.exe
Size

79KB
MD5

4004bfb3baa4adcbd7a9508556634fe0
SHA1

b2d72a27d7526fcf86a88258de340dedb539be00
SHA256

f1825ddace32fabdcb91bfb7ca26aa82ba446e88185ccc3d83461d6eab4e99f1
SHA512

609bf2b0125dea85359e45fc33d1420bbe5c8332e05dd2cf5fd9bd9f87e29ac885b3006f7e9902eb94b0d351a850580010a5329eded6f277202fd29cb36f480a
SSDEEP

1536:zvOAQ/EOZ0jubUE1OQA8AkqUhMb2nuy5wgIP0CSJ+5y4B8GMGlZ5G:zvyCjubEGdqU7uy5w9WMy4N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2376	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1960	cmd.exe
1960	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 1960	2988	4004bfb3baa4adcbd7a9508556634fe0_NeikiAnalytics.exe	29
PID 2988 wrote to memory of 1960	2988	4004bfb3baa4adcbd7a9508556634fe0_NeikiAnalytics.exe	29
PID 2988 wrote to memory of 1960	2988	4004bfb3baa4adcbd7a9508556634fe0_NeikiAnalytics.exe	29
PID 2988 wrote to memory of 1960	2988	4004bfb3baa4adcbd7a9508556634fe0_NeikiAnalytics.exe	29
PID 1960 wrote to memory of 2376	1960	cmd.exe	30
PID 1960 wrote to memory of 2376	1960	cmd.exe	30
PID 1960 wrote to memory of 2376	1960	cmd.exe	30
PID 1960 wrote to memory of 2376	1960	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\4004bfb3baa4adcbd7a9508556634fe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4004bfb3baa4adcbd7a9508556634fe0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1960
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2376

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
60e9b4fe62385cd1d69d39855d1426c8

SHA1
1b52f32729c02001b7e5e3ba64468c565e19c4ab

SHA256
f68e47b40dafc48744275b8ee929d7a0ee0781f5bc9c86c00da2efe5191218be

SHA512
e32793b0862e001ea2bf8a3dacd579336c19c721c76ea7344529ae84dfdb939c08d4396791eb1a47f9e9af18967f838b4fc16f38d8045224068c7d4975906dcb

Download Submit
memory/2376-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2988-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download