55ea1966632046584f07252cd15d62cdde379a584e02cfcfa03e90b0fe08f1cd

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 19:56

Target

146a9316994cc843c8a0ff96b97e7390_NeikiAnalytics.exe
Size

79KB
MD5

146a9316994cc843c8a0ff96b97e7390
SHA1

e70d61758f5e83e3ff0f997176d53e1d19e8556b
SHA256

55ea1966632046584f07252cd15d62cdde379a584e02cfcfa03e90b0fe08f1cd
SHA512

cabbbced916a8a7ce15fb0a8458c7ad0fb5776e39caf4d0f413931af45a0120de287e51320a516458ed197d8afca74f0161bf725b038c64a8137ce13e04ae0e6
SSDEEP

1536:zvvSjrPgawlHWzMLP0OOQA8AkqUhMb2nuy5wgIP0CSJ+5yJB8GMGlZ5G:zvvSj8aKHWgLP0bGdqU7uy5w9WMyJN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2760	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2992	cmd.exe
2992	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 2992	1276	146a9316994cc843c8a0ff96b97e7390_NeikiAnalytics.exe	29
PID 1276 wrote to memory of 2992	1276	146a9316994cc843c8a0ff96b97e7390_NeikiAnalytics.exe	29
PID 1276 wrote to memory of 2992	1276	146a9316994cc843c8a0ff96b97e7390_NeikiAnalytics.exe	29
PID 1276 wrote to memory of 2992	1276	146a9316994cc843c8a0ff96b97e7390_NeikiAnalytics.exe	29
PID 2992 wrote to memory of 2760	2992	cmd.exe	30
PID 2992 wrote to memory of 2760	2992	cmd.exe	30
PID 2992 wrote to memory of 2760	2992	cmd.exe	30
PID 2992 wrote to memory of 2760	2992	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\146a9316994cc843c8a0ff96b97e7390_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\146a9316994cc843c8a0ff96b97e7390_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2760

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ccad3f1a73f779096e20b89574848a2c

SHA1
5036a3483e16c1b6327a25edf3e126aab92d959f

SHA256
956a98e4f5613db29366cccbbe81110d35e899f2d2afb5283ebca255b3690edb

SHA512
b0d16c83fc3e0153b9d3ec131e5b7ba08fb4e67e1d705d8af2069fedf8b5afb496c11629c09f98f4dba9b31cb69b97b72d8d30206f4e8c9ba8558304b6a0eabd

Download Submit
memory/1276-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2760-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download