8ba747144f6849b67353c805f118de1f1b2ce4f9c71045ead89bd26a3eaa5768

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 07:08

Target

3819d7328993a3d30fb88f0def9279d0_NeikiAnalytics.exe
Size

79KB
MD5

3819d7328993a3d30fb88f0def9279d0
SHA1

4d22b8295210e4e9f86b283cbb617f0d4d8348ce
SHA256

8ba747144f6849b67353c805f118de1f1b2ce4f9c71045ead89bd26a3eaa5768
SHA512

d825a40d6cb9a43dab4d4d0b02fc3137c9a105e89fdddc573aaf32bb3586a0c2dbfe90889d5aebc52ab85120cf40cbedfbff9b767d5014a9675119f1e4080050
SSDEEP

1536:zv6fdjP2uMHZAOQA8AkqUhMb2nuy5wgIP0CSJ+5yYAB8GMGlZ5G:zv652PjGdqU7uy5w9WMy7N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2352	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2192	cmd.exe
2192	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 2192	1132	3819d7328993a3d30fb88f0def9279d0_NeikiAnalytics.exe	29
PID 1132 wrote to memory of 2192	1132	3819d7328993a3d30fb88f0def9279d0_NeikiAnalytics.exe	29
PID 1132 wrote to memory of 2192	1132	3819d7328993a3d30fb88f0def9279d0_NeikiAnalytics.exe	29
PID 1132 wrote to memory of 2192	1132	3819d7328993a3d30fb88f0def9279d0_NeikiAnalytics.exe	29
PID 2192 wrote to memory of 2352	2192	cmd.exe	30
PID 2192 wrote to memory of 2352	2192	cmd.exe	30
PID 2192 wrote to memory of 2352	2192	cmd.exe	30
PID 2192 wrote to memory of 2352	2192	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\3819d7328993a3d30fb88f0def9279d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3819d7328993a3d30fb88f0def9279d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2352

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f945251c6189fcb439d5f3a115174e21

SHA1
7112b00812384f6da662534be4e17b4f6055278b

SHA256
03eab37e15b8a432f72e5e2fae9dfb89aeb811b03c97b29ef8233c70afcd9fda

SHA512
97bda91e32f9878a7151b9a692edd7ec6b98c95989c4b3c1d625735e7032608965aaf3e33bd154ff39187895d8625df92c8707861d441d93fd93c265892e66f5

Download Submit
memory/1132-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2352-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download