6c4d0f8c77484eb95e95eefd6088c091d72d06aeb4f0ae4c2e88930c31208353

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 16:26

Target

787a4f31bf134fc11f6f9301ecb1cbe0_NeikiAnalytics.exe
Size

79KB
MD5

787a4f31bf134fc11f6f9301ecb1cbe0
SHA1

9c26663ba43ff506675e04a655902ee6683ebf27
SHA256

6c4d0f8c77484eb95e95eefd6088c091d72d06aeb4f0ae4c2e88930c31208353
SHA512

6d89d523cda4714fdfaa55451a0518af4e2ba944b9d97d9c2db5f939173a130ad0a216cec9efc2c859355685e4e7d3e5f550b4cfee378a387d9c46c7cf304321
SSDEEP

1536:zvpe1QMQ+OQA8AkqUhMb2nuy5wgIP0CSJ+5yXB8GMGlZ5G:zvpe1crGdqU7uy5w9WMyXN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2212	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1716	cmd.exe
1716	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1716	2032	787a4f31bf134fc11f6f9301ecb1cbe0_NeikiAnalytics.exe	29
PID 2032 wrote to memory of 1716	2032	787a4f31bf134fc11f6f9301ecb1cbe0_NeikiAnalytics.exe	29
PID 2032 wrote to memory of 1716	2032	787a4f31bf134fc11f6f9301ecb1cbe0_NeikiAnalytics.exe	29
PID 2032 wrote to memory of 1716	2032	787a4f31bf134fc11f6f9301ecb1cbe0_NeikiAnalytics.exe	29
PID 1716 wrote to memory of 2212	1716	cmd.exe	30
PID 1716 wrote to memory of 2212	1716	cmd.exe	30
PID 1716 wrote to memory of 2212	1716	cmd.exe	30
PID 1716 wrote to memory of 2212	1716	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\787a4f31bf134fc11f6f9301ecb1cbe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\787a4f31bf134fc11f6f9301ecb1cbe0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2212

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
25dc1babdcbad438054603024186840a

SHA1
e5df54e7ec2c1166df657d7b9d6c305491d69919

SHA256
fb835632e6479df02c67658251016a030e2e14c9c3d7bab0aabb42ebb2c89fb5

SHA512
ad170db5e5e3e039c6705f10b9cbccd1703abd8eb781edee7eb3e00eff9f2cc7f91e66e88bdb94f6d85c46c31a827e058fdde9c4b86b561d09811b2246f901dc

Download Submit
memory/2032-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2212-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download