4e83838aaec92c5934b971c7f862ebca143e2b41cf84b4b50f9014714fe93a04

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 04:29

Target

327f598bb873183b7fe86571adb91ad0_NeikiAnalytics.exe
Size

79KB
MD5

327f598bb873183b7fe86571adb91ad0
SHA1

6bec4f890b6228400ded65ba6880cd58d9e52757
SHA256

4e83838aaec92c5934b971c7f862ebca143e2b41cf84b4b50f9014714fe93a04
SHA512

e91b54846621b315e8202d79f458ee09c7ffb9fd66073488d6063514a6fa709abef3b0dd6bd4b5bd82566c60b68e1c813f3c1f96be2fb23675e63313847d05ea
SSDEEP

1536:zvlIj2RxFr51zXOQA8AkqUhMb2nuy5wgIP0CSJ+5ymB8GMGlZ5G:zvqjWFr+GdqU7uy5w9WMymN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1996	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1636	cmd.exe
1636	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 1636	2868	327f598bb873183b7fe86571adb91ad0_NeikiAnalytics.exe	29
PID 2868 wrote to memory of 1636	2868	327f598bb873183b7fe86571adb91ad0_NeikiAnalytics.exe	29
PID 2868 wrote to memory of 1636	2868	327f598bb873183b7fe86571adb91ad0_NeikiAnalytics.exe	29
PID 2868 wrote to memory of 1636	2868	327f598bb873183b7fe86571adb91ad0_NeikiAnalytics.exe	29
PID 1636 wrote to memory of 1996	1636	cmd.exe	30
PID 1636 wrote to memory of 1996	1636	cmd.exe	30
PID 1636 wrote to memory of 1996	1636	cmd.exe	30
PID 1636 wrote to memory of 1996	1636	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\327f598bb873183b7fe86571adb91ad0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\327f598bb873183b7fe86571adb91ad0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1996

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2c8a161b4a868a23f01a602f175bc9d9

SHA1
cf399dc015544859b16d3a93ef598647ef865156

SHA256
ec5d7379ce8e956d34853c148202a3eaea723b3b18aab2db52c444f54f132e81

SHA512
2e6bd5cae38e8b6f5a936f7729dd85ac89c347673a29ed148fa370a165dd9bcc8d6e53dff2c99469a91533ee19303f1ca4c0fffd50e2c4c6310af0377037eb86

Download Submit
memory/1996-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2868-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download