d1fd9b354aea4928bca33f6e7dba40d89627ac35074103b8d5a7f9cff90c46ac

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 18:18

Target

09d9853bba99a8f877337ea5c1e9c980_NeikiAnalytics.exe
Size

79KB
MD5

09d9853bba99a8f877337ea5c1e9c980
SHA1

4d3344a68b819f4a4a9c33763b6e3766e5e58c20
SHA256

d1fd9b354aea4928bca33f6e7dba40d89627ac35074103b8d5a7f9cff90c46ac
SHA512

79de4162440dab91f5a9ce11e8d035c284a914f0bb6ff5dbe74e8985f2d26c119e769efa753d069657c87f77893a906db2ac06732c0800d4fadff0fc0868fcc8
SSDEEP

1536:zv6fdjP2uMHZAOQA8AkqUhMb2nuy5wgIP0CSJ+5ydB8GMGlZ5G:zv652PjGdqU7uy5w9WMydN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2480	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2996	cmd.exe
2996	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2996	2168	09d9853bba99a8f877337ea5c1e9c980_NeikiAnalytics.exe	29
PID 2168 wrote to memory of 2996	2168	09d9853bba99a8f877337ea5c1e9c980_NeikiAnalytics.exe	29
PID 2168 wrote to memory of 2996	2168	09d9853bba99a8f877337ea5c1e9c980_NeikiAnalytics.exe	29
PID 2168 wrote to memory of 2996	2168	09d9853bba99a8f877337ea5c1e9c980_NeikiAnalytics.exe	29
PID 2996 wrote to memory of 2480	2996	cmd.exe	30
PID 2996 wrote to memory of 2480	2996	cmd.exe	30
PID 2996 wrote to memory of 2480	2996	cmd.exe	30
PID 2996 wrote to memory of 2480	2996	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\09d9853bba99a8f877337ea5c1e9c980_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\09d9853bba99a8f877337ea5c1e9c980_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2996
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2480

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3d433bd8152f333bf393bec8cbbc5558

SHA1
845a7c701a70b2147d67bf2b24e9545a1aab7e5b

SHA256
20c7d486fe0f8710d46e9b7d803c24ad30a8d78b243520799c5c619402a2bd9c

SHA512
367622c12a99f589d63dbd9d49af29f252ffc276b29759a2e3e38b278d37880b0f64291c4826c19a4820a543d4c4633cc1be92868bf3245c335c7648bcd75780

Download Submit
memory/2168-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2480-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download