e1c5ea17c15fdba2eb6cddd79fda9f816d15bae5102b4ef7fb232be444bf4e90

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 08:16

Target

3aa04d5f47ebdf552d7e1486b3368f70_NeikiAnalytics.exe
Size

79KB
MD5

3aa04d5f47ebdf552d7e1486b3368f70
SHA1

5114106ab01d4a3b3c6117003e917b9dd6c04ef8
SHA256

e1c5ea17c15fdba2eb6cddd79fda9f816d15bae5102b4ef7fb232be444bf4e90
SHA512

b59144cc6e5b54ee3b55342753a0cf397611761eace71fe744945422edee8e564f610b48c7d12f1e6d575d340275e0b0dab6bd83d1eaaef5aecb8b6d6331a402
SSDEEP

1536:zvUdgeKieKRKpOQA8AkqUhMb2nuy5wgIP0CSJ+5yjhB8GMGlZ5G:zvUueKKRKoGdqU7uy5w9WMytN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2540	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1736	cmd.exe
1736	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 1736	856	3aa04d5f47ebdf552d7e1486b3368f70_NeikiAnalytics.exe	29
PID 856 wrote to memory of 1736	856	3aa04d5f47ebdf552d7e1486b3368f70_NeikiAnalytics.exe	29
PID 856 wrote to memory of 1736	856	3aa04d5f47ebdf552d7e1486b3368f70_NeikiAnalytics.exe	29
PID 856 wrote to memory of 1736	856	3aa04d5f47ebdf552d7e1486b3368f70_NeikiAnalytics.exe	29
PID 1736 wrote to memory of 2540	1736	cmd.exe	30
PID 1736 wrote to memory of 2540	1736	cmd.exe	30
PID 1736 wrote to memory of 2540	1736	cmd.exe	30
PID 1736 wrote to memory of 2540	1736	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\3aa04d5f47ebdf552d7e1486b3368f70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3aa04d5f47ebdf552d7e1486b3368f70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:856
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1736
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2540

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
acff52b00f44e89dcf7c41b996b15f79

SHA1
6a3856ac561c9e74a28263bf096b55461edcfd88

SHA256
967f3b2e9e59096fdc7cc8c8fdcb38699a52747b0bb9514a5b11cda6f5fb0932

SHA512
8ea7a6e7bf538f3d76dbe22e6cdfd462fd88e6e653fdaa56eec6745690d9c6e9063310febe3a83b55e9711f9a51aa7684131c6a979cc95d7c21223a1c6deaa6d

Download Submit
memory/856-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2540-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download