94c7fd8de9e90482a3bb7c007c333687a6553ce5a1868b0d0c90f2e181bd0192

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 00:59

Target

2a71cc50645cc4124bb28fdad85e0760_NeikiAnalytics.exe
Size

79KB
MD5

2a71cc50645cc4124bb28fdad85e0760
SHA1

413c06453a64538bff08a7b912efc3ec87b49460
SHA256

94c7fd8de9e90482a3bb7c007c333687a6553ce5a1868b0d0c90f2e181bd0192
SHA512

39814d346ec55a78b77f948bd1543e5351f1445ef786218ac20349f04b1c3341e13da267078451d710467ae7dc9f84cc1ffd1a0925194f1aaaa8074f32fdce19
SSDEEP

1536:zvec2PUdwS/2YOQA8AkqUhMb2nuy5wgIP0CSJ+5yLB8GMGlZ5G:zveXPUur9GdqU7uy5w9WMyLN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2032	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2984	cmd.exe
2984	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2984	1704	2a71cc50645cc4124bb28fdad85e0760_NeikiAnalytics.exe	29
PID 1704 wrote to memory of 2984	1704	2a71cc50645cc4124bb28fdad85e0760_NeikiAnalytics.exe	29
PID 1704 wrote to memory of 2984	1704	2a71cc50645cc4124bb28fdad85e0760_NeikiAnalytics.exe	29
PID 1704 wrote to memory of 2984	1704	2a71cc50645cc4124bb28fdad85e0760_NeikiAnalytics.exe	29
PID 2984 wrote to memory of 2032	2984	cmd.exe	30
PID 2984 wrote to memory of 2032	2984	cmd.exe	30
PID 2984 wrote to memory of 2032	2984	cmd.exe	30
PID 2984 wrote to memory of 2032	2984	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\2a71cc50645cc4124bb28fdad85e0760_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2a71cc50645cc4124bb28fdad85e0760_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2032

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ec90945d9ed32419817c305fec303991

SHA1
09e328b551c1d60929216de3f0bcb1c4371dd2bf

SHA256
6d3e6887672a165e49794c66273d7f7da1bd7abe0fcf56997f8dd50392d6acd4

SHA512
1dc346722b0dea0c30b3a608057f2c3323086a8068e19957956b740dc4303ab4233843ec2e64be926465ba4bfbe653d9194864592cbad186784c586a2d039341

Download Submit
memory/1704-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2032-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download