55c2f8c69959ffa7b478d3c32c666e7b058ddb23418b1c2a9e09468f9321b461

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 08:49

Target

3bf3dd1cc8f3ed13b2c09f1c71698be0_NeikiAnalytics.exe
Size

79KB
MD5

3bf3dd1cc8f3ed13b2c09f1c71698be0
SHA1

474ff6f8deef0a57a9be02ce271c5b03e0fe731e
SHA256

55c2f8c69959ffa7b478d3c32c666e7b058ddb23418b1c2a9e09468f9321b461
SHA512

e6f8b37a66517061d31e553e95c9a219c6d4a2580098c0f1d41cf57344f6b4ad30fb6abe160d4d7f0d74941fe154ef231f481dabeb8f9ff60377e59b0dcc03d1
SSDEEP

1536:zv61XZa5TE6RTSunOQA8AkqUhMb2nuy5wgIP0CSJ+5y3B8GMGlZ5G:zv6Ta5A6RAGdqU7uy5w9WMy3N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2740	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2824	cmd.exe
2824	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 2824	1884	3bf3dd1cc8f3ed13b2c09f1c71698be0_NeikiAnalytics.exe	29
PID 1884 wrote to memory of 2824	1884	3bf3dd1cc8f3ed13b2c09f1c71698be0_NeikiAnalytics.exe	29
PID 1884 wrote to memory of 2824	1884	3bf3dd1cc8f3ed13b2c09f1c71698be0_NeikiAnalytics.exe	29
PID 1884 wrote to memory of 2824	1884	3bf3dd1cc8f3ed13b2c09f1c71698be0_NeikiAnalytics.exe	29
PID 2824 wrote to memory of 2740	2824	cmd.exe	30
PID 2824 wrote to memory of 2740	2824	cmd.exe	30
PID 2824 wrote to memory of 2740	2824	cmd.exe	30
PID 2824 wrote to memory of 2740	2824	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\3bf3dd1cc8f3ed13b2c09f1c71698be0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3bf3dd1cc8f3ed13b2c09f1c71698be0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2740

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4aee5439a4f9a128deb63616b1434312

SHA1
9dac16d20b8c67808f10b635a4fffc50aac39baf

SHA256
5eed35fdf57d9a68b7c1b861285d6f6302c99b9b3b914e53841179157a053d56

SHA512
2c886564cd343599b8e36abad39853c5c886e445d34676ff889e3e99f36affa6afa4bb33046cfe504674b754863b77f9c18eb2c513a4ef38a6ef43e281b29f14

Download Submit
memory/1884-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2740-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download