d2db21403b5e6eaa6998eaa3931e0039862acc925a08b327490e51569225705d

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 02:12

Target

2d406e476af03cf70811601fd15cb100_NeikiAnalytics.exe
Size

79KB
MD5

2d406e476af03cf70811601fd15cb100
SHA1

8b687bea495887c52f450c56b3df0a93e90b4a15
SHA256

d2db21403b5e6eaa6998eaa3931e0039862acc925a08b327490e51569225705d
SHA512

f925cddb88e23ca34094891cb8fe7a4820e59596e728833b32043e14ba19737367715be47ecc328ea628f107fb87969755bb66e041168a34e8d2b25b26f9f747
SSDEEP

1536:zvVcDK/QKq9rOQA8AkqUhMb2nuy5wgIP0CSJ+5yQB8GMGlZ5G:zvVMLdsGdqU7uy5w9WMyQN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2416	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2580	cmd.exe
2580	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2580	2752	2d406e476af03cf70811601fd15cb100_NeikiAnalytics.exe	29
PID 2752 wrote to memory of 2580	2752	2d406e476af03cf70811601fd15cb100_NeikiAnalytics.exe	29
PID 2752 wrote to memory of 2580	2752	2d406e476af03cf70811601fd15cb100_NeikiAnalytics.exe	29
PID 2752 wrote to memory of 2580	2752	2d406e476af03cf70811601fd15cb100_NeikiAnalytics.exe	29
PID 2580 wrote to memory of 2416	2580	cmd.exe	30
PID 2580 wrote to memory of 2416	2580	cmd.exe	30
PID 2580 wrote to memory of 2416	2580	cmd.exe	30
PID 2580 wrote to memory of 2416	2580	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\2d406e476af03cf70811601fd15cb100_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2d406e476af03cf70811601fd15cb100_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2416

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
01c18fa28d5f7b4708b87a67d9b5f8fd

SHA1
16bc685a5452704a31ba1a1e187225f27fb4c727

SHA256
d5be032bba38e328e481a056af8e2d6e79d1a0068fd94d39254eb2c9492d6ff0

SHA512
4a5904de13f7039fb24524a034bc1451ab5a98bff73914e5577cf4a2a57c34ab1c717f1c3b9e04fe30a6c1507e3e8f84d87a485829c385f21813e4add6c46268

Download Submit
memory/2416-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2752-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download