922f91d04c6edfc9034108b6acc84c7d5796876172234ad4efca02198457a578

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 06:39

Target

3706cb12aefc7667218b67da188bc1b0_NeikiAnalytics.exe
Size

79KB
MD5

3706cb12aefc7667218b67da188bc1b0
SHA1

7bb541f1577f6279b2865f282031fc8edfb279df
SHA256

922f91d04c6edfc9034108b6acc84c7d5796876172234ad4efca02198457a578
SHA512

96fe05aea261c3724fbedb382b0f75c3d55e1480cc9eb971f974f0a9947e5235ab226070913a56d3f9046017ebbdaf306b87d4ac419fd7481b3eb5bb3ebbafe2
SSDEEP

1536:zvXvQ623RLlw9AQrOQA8AkqUhMb2nuy5wgIP0CSJ+5ygB8GMGlZ5G:zv/q3RL69uGdqU7uy5w9WMygN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2084	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2296	cmd.exe
2296	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2296	2168	3706cb12aefc7667218b67da188bc1b0_NeikiAnalytics.exe	29
PID 2168 wrote to memory of 2296	2168	3706cb12aefc7667218b67da188bc1b0_NeikiAnalytics.exe	29
PID 2168 wrote to memory of 2296	2168	3706cb12aefc7667218b67da188bc1b0_NeikiAnalytics.exe	29
PID 2168 wrote to memory of 2296	2168	3706cb12aefc7667218b67da188bc1b0_NeikiAnalytics.exe	29
PID 2296 wrote to memory of 2084	2296	cmd.exe	30
PID 2296 wrote to memory of 2084	2296	cmd.exe	30
PID 2296 wrote to memory of 2084	2296	cmd.exe	30
PID 2296 wrote to memory of 2084	2296	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\3706cb12aefc7667218b67da188bc1b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3706cb12aefc7667218b67da188bc1b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2084

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
228210dd9ec9f088c9387b833ca8d6dd

SHA1
72ca1573f38fdac132e79c0014cdd3404eb21a64

SHA256
a19954b545fcb8576424ecb4ca2c447afd1eab4b3e3ab6c6e71344d97e0b6a63

SHA512
00f392633060751bb940ae5e52f730920376068c50626d215929ceed98dbf46dde5570489a740902284af01b2035b556668a8cfd4b0b300dad3ba443e6b21db0

Download Submit
memory/2084-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2168-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download