92e25be6f0b025f4fe0226820504225ac3f7158940d2268d7b6c971126c85e06

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 03:43

Target

30e27838cccec4c3a51e4ca2c0c346a0_NeikiAnalytics.exe
Size

79KB
MD5

30e27838cccec4c3a51e4ca2c0c346a0
SHA1

f7a45118eceb95b16c102f6e8a8457dc5cea5400
SHA256

92e25be6f0b025f4fe0226820504225ac3f7158940d2268d7b6c971126c85e06
SHA512

5eb59222b74ac8dd586db7e074f3d6f481ce6338a79b69a0b66562be4d76312008754b7befad73e79933d768cfee41b04b6cf521ce1c325113b4c08e96769b08
SSDEEP

1536:zvG9N9jV7sPVknOQA8AkqUhMb2nuy5wgIP0CSJ+5yNB8GMGlZ5G:zv8N9jtsP/GdqU7uy5w9WMyNN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1248	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1052	cmd.exe
1052	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 1052	1688	30e27838cccec4c3a51e4ca2c0c346a0_NeikiAnalytics.exe	29
PID 1688 wrote to memory of 1052	1688	30e27838cccec4c3a51e4ca2c0c346a0_NeikiAnalytics.exe	29
PID 1688 wrote to memory of 1052	1688	30e27838cccec4c3a51e4ca2c0c346a0_NeikiAnalytics.exe	29
PID 1688 wrote to memory of 1052	1688	30e27838cccec4c3a51e4ca2c0c346a0_NeikiAnalytics.exe	29
PID 1052 wrote to memory of 1248	1052	cmd.exe	30
PID 1052 wrote to memory of 1248	1052	cmd.exe	30
PID 1052 wrote to memory of 1248	1052	cmd.exe	30
PID 1052 wrote to memory of 1248	1052	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\30e27838cccec4c3a51e4ca2c0c346a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\30e27838cccec4c3a51e4ca2c0c346a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1052
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1248

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
bbfba9b06511ba3d49b57da31f089888

SHA1
f0ab382192f590c6a520947249e2a9b6847cfe84

SHA256
56f3081db4b406f323093999078e9dd1ddf5219fc6e11d3e61ae03caae54b6bd

SHA512
c9dfe0f48f1cfb178be2cf9345ad0d37918d7cc950d72cf93bc86f091ee5f6004783ceeb54398d542e6b7a687e526b83d17f178f950bc7d75151294f49a3c3f7

Download Submit
memory/1248-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1688-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download