909d2d7d3adb3e49ba66507d383c696a74dac81f6f2188731c54dfd06fbba919

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 06:41

Target

37180e743e0aecd420dc00b941495200_NeikiAnalytics.exe
Size

79KB
MD5

37180e743e0aecd420dc00b941495200
SHA1

95e034d3b3b35b095b1a80b2d1647befed7bd4cf
SHA256

909d2d7d3adb3e49ba66507d383c696a74dac81f6f2188731c54dfd06fbba919
SHA512

51cf1eec3ac4ad09f60faba955ce416c1b8e1635d2c0dc5ee0083496726e311fbefd04f9a27ab6e2b013ab9165b5d1fd4ab930833fb55bc48136c3689c43047b
SSDEEP

1536:zvjtN299nmSy5qOQA8AkqUhMb2nuy5wgIP0CSJ+5ygB8GMGlZ5G:zvjtc9XSfGdqU7uy5w9WMygN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3064	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3052	cmd.exe
3052	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 3052	2204	37180e743e0aecd420dc00b941495200_NeikiAnalytics.exe	29
PID 2204 wrote to memory of 3052	2204	37180e743e0aecd420dc00b941495200_NeikiAnalytics.exe	29
PID 2204 wrote to memory of 3052	2204	37180e743e0aecd420dc00b941495200_NeikiAnalytics.exe	29
PID 2204 wrote to memory of 3052	2204	37180e743e0aecd420dc00b941495200_NeikiAnalytics.exe	29
PID 3052 wrote to memory of 3064	3052	cmd.exe	30
PID 3052 wrote to memory of 3064	3052	cmd.exe	30
PID 3052 wrote to memory of 3064	3052	cmd.exe	30
PID 3052 wrote to memory of 3064	3052	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\37180e743e0aecd420dc00b941495200_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\37180e743e0aecd420dc00b941495200_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3064

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6f7e9a5b3d3905e7dc2a9cf8f734d2a7

SHA1
79b56b17fdb16872e49abc4b2e3c0ef932bf3443

SHA256
cd3f16de353a273179c0487cbbb53a3f17f2b1edeaf8713a68cf20b9ea98a26b

SHA512
846090f38452b5bfd71f22a892b7fd3f2d11e20342dd18e52a8a22821e7dec7d3790a08dd3e9f8bdc397cc3d6632eb893c6fcb038fdae68023035469df30dab2

Download Submit
memory/2204-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3064-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download