790042423d1c9ca4176bc507fd41b0ffeb42fc42ece487f1aeb0b1675b47dcc3

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 12:36

Target

4407ebf855619c3f9317ad91da70a960_NeikiAnalytics.exe
Size

79KB
MD5

4407ebf855619c3f9317ad91da70a960
SHA1

3dfd066920b36e6df35f0afcf67744e670099bd4
SHA256

790042423d1c9ca4176bc507fd41b0ffeb42fc42ece487f1aeb0b1675b47dcc3
SHA512

dbbc60809040e6d4755a6f1813e59b0322ebda6a0dd4f246ac56593c716d660c16e0af09e9a98c2386a3afdaf658abf40c5985df1050b8653f51541fcda58525
SSDEEP

1536:zvI/UIvqd/7oYvzsYaKOQA8AkqUhMb2nuy5wgIP0CSJ+5ypKkB8GMGlZ5G:zvIZqdDNsYa/GdqU7uy5w9WMypKkN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2300	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
288	cmd.exe
288	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 288	1724	4407ebf855619c3f9317ad91da70a960_NeikiAnalytics.exe	29
PID 1724 wrote to memory of 288	1724	4407ebf855619c3f9317ad91da70a960_NeikiAnalytics.exe	29
PID 1724 wrote to memory of 288	1724	4407ebf855619c3f9317ad91da70a960_NeikiAnalytics.exe	29
PID 1724 wrote to memory of 288	1724	4407ebf855619c3f9317ad91da70a960_NeikiAnalytics.exe	29
PID 288 wrote to memory of 2300	288	cmd.exe	30
PID 288 wrote to memory of 2300	288	cmd.exe	30
PID 288 wrote to memory of 2300	288	cmd.exe	30
PID 288 wrote to memory of 2300	288	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\4407ebf855619c3f9317ad91da70a960_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4407ebf855619c3f9317ad91da70a960_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:288
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2300

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2a207caadeb70d6f440aaea9450b7857

SHA1
14494d16277b7df1322a1fa031a51cd684b42a43

SHA256
42f238b9379132c5dabf61807984be34f65fb37cb1673f3375b3fda1b7267d69

SHA512
3b54d562d8041b6f843fcea74dd653e05ee759dd0dab6bfed33ded320575cc64d9e199c630b4074df8f930068ed1f25981704647a5c52d547f7ee8b6c41a934e

Download Submit
memory/1724-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2300-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download