50c3916e92b9da793a600e09c97a5a6cf37d1f7cbb42e5a638194d00ce4ad93f

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 23:04

Target

148b5292efcb5e1d3defd70956094920_NeikiAnalytics.exe
Size

79KB
MD5

148b5292efcb5e1d3defd70956094920
SHA1

8cb358c1b30a5d584fae127ffba2789c3f06ee80
SHA256

50c3916e92b9da793a600e09c97a5a6cf37d1f7cbb42e5a638194d00ce4ad93f
SHA512

c83fc5e5e8446d3dc99f2214d38b78243e592e745f73705131774f5dd277bdedaa2ac1d7e16dfe932fe9ae464be3418c7642a2f2ddd682b3557924ba9f69b537
SSDEEP

1536:zv/B5w5Dj5XJ+m6Ri+OQA8AkqUhMb2nuy5wgIP0CSJ+5yHB8GMGlZ5G:zv/B5w5D9XdGdqU7uy5w9WMyHN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2036	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2948	cmd.exe
2948	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2948	2660	148b5292efcb5e1d3defd70956094920_NeikiAnalytics.exe	29
PID 2660 wrote to memory of 2948	2660	148b5292efcb5e1d3defd70956094920_NeikiAnalytics.exe	29
PID 2660 wrote to memory of 2948	2660	148b5292efcb5e1d3defd70956094920_NeikiAnalytics.exe	29
PID 2660 wrote to memory of 2948	2660	148b5292efcb5e1d3defd70956094920_NeikiAnalytics.exe	29
PID 2948 wrote to memory of 2036	2948	cmd.exe	30
PID 2948 wrote to memory of 2036	2948	cmd.exe	30
PID 2948 wrote to memory of 2036	2948	cmd.exe	30
PID 2948 wrote to memory of 2036	2948	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\148b5292efcb5e1d3defd70956094920_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\148b5292efcb5e1d3defd70956094920_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2036

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5e6d2233dc8b82fa5f6fb9de84cc9573

SHA1
a7d542182f80ffe8a1e2ecad5e58ce455a7d695d

SHA256
afad39138e947bd14446560445e66ed44f721b5de1a64ce46647fcfa264f74fa

SHA512
f98f22725cc4c2214e24f58161154a6510c4e1218af6748bbc76e750477726955636e75b6b407bf583b1186c72e71377ef3fa8981c35f79b864267ae75e3e0b4

Download Submit
memory/2036-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2660-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download