6e5e09952f0ed9d6a92452065b33746e971437ca699a33bd2f11907cf417718b

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 21:28

Target

0920c0c442cf175876291de6dac25cd0_NeikiAnalytics.exe
Size

79KB
MD5

0920c0c442cf175876291de6dac25cd0
SHA1

14c0b4b747422f73ffac6923e01e26243d97a617
SHA256

6e5e09952f0ed9d6a92452065b33746e971437ca699a33bd2f11907cf417718b
SHA512

783a3acb2bf3a1ac4d8cf726643be838e2b9776de4c66d1baa29ab964947b6b84f5e6f6357f50474ce65c9cb5727fe49fef27e68435ec390042da6223336ffa1
SSDEEP

1536:zvKF4uRm+53CRfNducyOQA8AkqUhMb2nuy5wgIP0CSJ+5yKB8GMGlZ5G:zvNuAjGdqU7uy5w9WMyKN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3016	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2644	cmd.exe
2644	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2644	2240	0920c0c442cf175876291de6dac25cd0_NeikiAnalytics.exe	29
PID 2240 wrote to memory of 2644	2240	0920c0c442cf175876291de6dac25cd0_NeikiAnalytics.exe	29
PID 2240 wrote to memory of 2644	2240	0920c0c442cf175876291de6dac25cd0_NeikiAnalytics.exe	29
PID 2240 wrote to memory of 2644	2240	0920c0c442cf175876291de6dac25cd0_NeikiAnalytics.exe	29
PID 2644 wrote to memory of 3016	2644	cmd.exe	30
PID 2644 wrote to memory of 3016	2644	cmd.exe	30
PID 2644 wrote to memory of 3016	2644	cmd.exe	30
PID 2644 wrote to memory of 3016	2644	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\0920c0c442cf175876291de6dac25cd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0920c0c442cf175876291de6dac25cd0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3016

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
111034fe343adfb8416e9093ace784d2

SHA1
19ba506ed9090b009da03996ce71f0a194d5756e

SHA256
91550b7021a1419123bc15647653abaa712c821c0b2f6c2f6061a5d3b6f512a8

SHA512
6d3bafdb472a825912703a4ecc84fec27b3f8a8bdf4c9fdad72d0c01fbf2067a3adaa54a3748817d84d2732645dfb5cf43e605cfdaefcd6851e9a901504ab3a8

Download Submit
memory/2240-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3016-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download