3742477b0b573cfe49b60fa239889cfe025a52cefaa5594f8970f68a1d8dd488

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 23:42

Target

5aedcc6430ce0cca798aed1fc61a6700_NeikiAnalytics.exe
Size

79KB
MD5

5aedcc6430ce0cca798aed1fc61a6700
SHA1

15f498cc44c5b9235a783c8b12b474524f50e786
SHA256

3742477b0b573cfe49b60fa239889cfe025a52cefaa5594f8970f68a1d8dd488
SHA512

a0b254f1d01f947d8f5d2ec5a60af2f3b7ae2e92573668136d307583c5a2dd061f0c66f28f9ac0b3499a4506ac582eb0d6c81a09debb74a943c66e7dcab084e1
SSDEEP

1536:zvQFxWrhuqoWnMxOQA8AkqUhMb2nuy5wgIP0CSJ+5y1B8GMGlZ5G:zvQFx/0MAGdqU7uy5w9WMy1N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2064	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2328	cmd.exe
2328	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2328	2072	5aedcc6430ce0cca798aed1fc61a6700_NeikiAnalytics.exe	29
PID 2072 wrote to memory of 2328	2072	5aedcc6430ce0cca798aed1fc61a6700_NeikiAnalytics.exe	29
PID 2072 wrote to memory of 2328	2072	5aedcc6430ce0cca798aed1fc61a6700_NeikiAnalytics.exe	29
PID 2072 wrote to memory of 2328	2072	5aedcc6430ce0cca798aed1fc61a6700_NeikiAnalytics.exe	29
PID 2328 wrote to memory of 2064	2328	cmd.exe	30
PID 2328 wrote to memory of 2064	2328	cmd.exe	30
PID 2328 wrote to memory of 2064	2328	cmd.exe	30
PID 2328 wrote to memory of 2064	2328	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\5aedcc6430ce0cca798aed1fc61a6700_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5aedcc6430ce0cca798aed1fc61a6700_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2064

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d6e6fc89636a5538ca28161201bc38fd

SHA1
83afb78937abc05501815a1f343ee91211f8860f

SHA256
3ac8e53de0aec919f58b02b982806a4a140c5de4260fdf991f3e1a6306ebf8de

SHA512
1c6327fb2498f4474bf17bc1e999feb8e526197a85582cfc6643ca658be2a79eda90d64b9c4c13f3d5bec6dbc14de5613fbd218a006ff617441e8c2b6683536e

Download Submit
memory/2064-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2072-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download