28681224ed31b15f0853a7fd4e9e31e5bbf835042e0e6825a4ad6fdb3cd10c5c

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 22:10

Target

57bdc439c8934bcbb81ae518cd7f74f0_NeikiAnalytics.exe
Size

79KB
MD5

57bdc439c8934bcbb81ae518cd7f74f0
SHA1

66c1051aa242e3b3a4a7bebf05054a3c16be9d7f
SHA256

28681224ed31b15f0853a7fd4e9e31e5bbf835042e0e6825a4ad6fdb3cd10c5c
SHA512

b207ef7ba2aaeb9b6be582f640252028b613b9a24fd591da6b030aca493cbd14158016debd71703b4e3900cc86fb312bf4bacb6d4ebafac63e246fc8167d6cd2
SSDEEP

1536:zv3yCHpuHMR5KOQA8AkqUhMb2nuy5wgIP0CSJ+5yTB8GMGlZ5G:zvi0uHM3/GdqU7uy5w9WMyTN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2572	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1972	cmd.exe
1972	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1972	2184	57bdc439c8934bcbb81ae518cd7f74f0_NeikiAnalytics.exe	30
PID 2184 wrote to memory of 1972	2184	57bdc439c8934bcbb81ae518cd7f74f0_NeikiAnalytics.exe	30
PID 2184 wrote to memory of 1972	2184	57bdc439c8934bcbb81ae518cd7f74f0_NeikiAnalytics.exe	30
PID 2184 wrote to memory of 1972	2184	57bdc439c8934bcbb81ae518cd7f74f0_NeikiAnalytics.exe	30
PID 1972 wrote to memory of 2572	1972	cmd.exe	31
PID 1972 wrote to memory of 2572	1972	cmd.exe	31
PID 1972 wrote to memory of 2572	1972	cmd.exe	31
PID 1972 wrote to memory of 2572	1972	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\57bdc439c8934bcbb81ae518cd7f74f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\57bdc439c8934bcbb81ae518cd7f74f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2572

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
9f98ad41a04fc7d1df88e522a13abc94

SHA1
19e51629f79bc66bd999491d4570f6891ade7056

SHA256
44e0de7bf8dacea17d206625dde876d8c25c83035c9f4d0cd8f29027234addb4

SHA512
e24cc859649f43e120c8fbb5f6cfafc83a96f97e25fb78a267ed6a8afe3c05bde634d5088d155b58099e0c1229ca443f4676673098d7b8a0e9de3aa4d6fcc7ac

Download Submit
memory/2184-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2572-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download