1cee6bcd3a52e1a59fbea6f26515df0e7d9f4586ef20cc442474735e4fba9de0

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 06:59

Target

37bdd572c4da98ec8752ae5130a5aa70_NeikiAnalytics.exe
Size

79KB
MD5

37bdd572c4da98ec8752ae5130a5aa70
SHA1

05172550c034c7a1dd509947bba551bd102e2005
SHA256

1cee6bcd3a52e1a59fbea6f26515df0e7d9f4586ef20cc442474735e4fba9de0
SHA512

34f3e9d724358a5783bb8b7680f89b3700f547b170b2184488dc148e071566721f6f3fd378196cda3bb2eb4ebbb723af4c02461ad98983369d64168297b04f52
SSDEEP

1536:zvQFxWrhuqoWnMxOQA8AkqUhMb2nuy5wgIP0CSJ+5yVB8GMGlZ5G:zvQFx/0MAGdqU7uy5w9WMyVN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2984	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2960	cmd.exe
2960	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2960	2724	37bdd572c4da98ec8752ae5130a5aa70_NeikiAnalytics.exe	29
PID 2724 wrote to memory of 2960	2724	37bdd572c4da98ec8752ae5130a5aa70_NeikiAnalytics.exe	29
PID 2724 wrote to memory of 2960	2724	37bdd572c4da98ec8752ae5130a5aa70_NeikiAnalytics.exe	29
PID 2724 wrote to memory of 2960	2724	37bdd572c4da98ec8752ae5130a5aa70_NeikiAnalytics.exe	29
PID 2960 wrote to memory of 2984	2960	cmd.exe	30
PID 2960 wrote to memory of 2984	2960	cmd.exe	30
PID 2960 wrote to memory of 2984	2960	cmd.exe	30
PID 2960 wrote to memory of 2984	2960	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\37bdd572c4da98ec8752ae5130a5aa70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\37bdd572c4da98ec8752ae5130a5aa70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2984

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
77874f2acc9c617e7616d74a967c8b36

SHA1
15a278047fa20207090268aad0916ff8887af3b3

SHA256
b5baf45d626d4eb72d3ebaa4cd456e4f80398ffd9eacc41ad3d5a7f717fc809a

SHA512
12772cfb0506263e670af27173e7fedb8a03d8ca6f318b62499841d168fdb42ddd3df4bc472a9c463ad23094400d081e53e1ce3100a4190df5e0a6f9c1280e82

Download Submit
memory/2724-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2984-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download