29a80c715c1ddebfe023c65fb5a14186e7f844635ac622961054ecca7537f38f

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 01:42

Target

2c26548f7df4d58681ae7471e0c5d560_NeikiAnalytics.exe
Size

79KB
MD5

2c26548f7df4d58681ae7471e0c5d560
SHA1

8b70da98a65a8864b75623d7d86349d9a8af6bee
SHA256

29a80c715c1ddebfe023c65fb5a14186e7f844635ac622961054ecca7537f38f
SHA512

cc68acf8323988463d3bcb3c6d3d720b4431769577d67f9cd0962f3462fd800d43cf474b90c73d61fb09d175f664f13babe194e6a850df461af0bf0ac2d08416
SSDEEP

1536:zvMWVCEov458rUKSOQA8AkqUhMb2nuy5wgIP0CSJ+5ypB8GMGlZ5G:zvMWVHoQ54UKXGdqU7uy5w9WMypN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2664	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2556	cmd.exe
2556	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 2556	2452	2c26548f7df4d58681ae7471e0c5d560_NeikiAnalytics.exe	29
PID 2452 wrote to memory of 2556	2452	2c26548f7df4d58681ae7471e0c5d560_NeikiAnalytics.exe	29
PID 2452 wrote to memory of 2556	2452	2c26548f7df4d58681ae7471e0c5d560_NeikiAnalytics.exe	29
PID 2452 wrote to memory of 2556	2452	2c26548f7df4d58681ae7471e0c5d560_NeikiAnalytics.exe	29
PID 2556 wrote to memory of 2664	2556	cmd.exe	30
PID 2556 wrote to memory of 2664	2556	cmd.exe	30
PID 2556 wrote to memory of 2664	2556	cmd.exe	30
PID 2556 wrote to memory of 2664	2556	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\2c26548f7df4d58681ae7471e0c5d560_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2c26548f7df4d58681ae7471e0c5d560_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2664

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2351b8a45027acca84b6b649833dbb71

SHA1
2881d2d79420f693e94e3c23191c1e256537acb0

SHA256
7b1e7a424b9e7d1d30d208692ccd85cf2d1d6eb46cd68a028acb95c003494ab3

SHA512
43fd2d7b3fbf3322f93f0194beee875a50829ea0ebe06d599d89ba690392085fd12af47c47a672493c22b8768de33eedb8b8de36cc45778c67aedfb843fd7824

Download Submit
memory/2452-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2664-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download