83f7c80dcd39966e8bb11e44e5ba0380887f6fef2d3f351a48ab969c7891a51a

Analysis

max time kernel
149s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 11:02

Target

408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe
Size

29KB
MD5

408c4272f36ab5e147c3e606d0754db0
SHA1

f6ecaa4caea8d7d1ffd31d0b4d306e7f6a9f2049
SHA256

83f7c80dcd39966e8bb11e44e5ba0380887f6fef2d3f351a48ab969c7891a51a
SHA512

b85b12b3461b87459672e4be7108bc6a4427725a4b3ccd684ffebebfb98661a8dfef2d0765eb4eff4c245acc0d7943a58f4cf59ba832a5a77e9f548cbb24d92d
SSDEEP

384:v/4LNJY74JwOllSBQmrb0i5PrmqHIKpa54b5f0iws0wGFM6:v/qSamrxDmqoKM4Z0iwtwc/

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2640	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
3012	2024052811.exe

Loads dropped DLL 2 IoCs

pid	Process
1960	408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe
1960	408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1960	408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe
3012	2024052811.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 3012	1960	408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe	28
PID 1960 wrote to memory of 3012	1960	408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe	28
PID 1960 wrote to memory of 3012	1960	408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe	28
PID 1960 wrote to memory of 3012	1960	408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe	28
PID 1960 wrote to memory of 2640	1960	408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe	29
PID 1960 wrote to memory of 2640	1960	408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe	29
PID 1960 wrote to memory of 2640	1960	408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe	29
PID 1960 wrote to memory of 2640	1960	408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe	29

C:\Users\Admin\AppData\Local\Temp\408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\408c4272f36ab5e147c3e606d0754db0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Users\Admin\AppData\Local\Temp\2024052811.exe
  C:\Users\Admin\AppData\Local\Temp\2024052811.exe down
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3012
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\del.bat
  2⤵
  - Deletes itself
  PID:2640

C:\Users\Admin\AppData\Local\Temp\2024052811.exe

Filesize
29KB

MD5
25915e9e17122836391d63793bb0959a

SHA1
d2d5baead201331bda404669253eae766a9e520b

SHA256
0d4461b1796fd2e4f654c988865062f4d9303f8428a12b6a3f096b4fc391b129

SHA512
d3ef4552d06355b9d4ab3db3c556e326602235c660566b03657d5b9fc3a5e879eb592c691fea110b9b799d9d05ce39a784acfcb9dcb232e5f96fce0f60f37827

Download Submit
C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
216B

MD5
1088b0a009a26279c09b19613014a25b

SHA1
f7e533ed9ee477d12c8041312b569620b0297f12

SHA256
d875aa75448d5f503a36f67722eaf53cdc2d258db54b07d7b564a1ced78dc2d0

SHA512
3735782b97ada330f83d138408529c058f410bdc28a53512ba1f255e811b30c76818f354d7eb4766ed312bb37fb00496ec085520a0bcfd31cf3b2233f97eb95f

Download Submit
memory/3012-24-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download