2d7f651263e9c088afec5b279ab09eb86383ae6f7e8bf2d4dadcc5e26f38c41b

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 03:25

Target

3686d3acd72a951c502647cf90f4bc80_NeikiAnalytics.exe
Size

79KB
MD5

3686d3acd72a951c502647cf90f4bc80
SHA1

cc9d2f2ca8ca82da9d1ea93d3825597517347930
SHA256

2d7f651263e9c088afec5b279ab09eb86383ae6f7e8bf2d4dadcc5e26f38c41b
SHA512

95025a71cc1ac911b46e58d56fa46802658cbcda1658d34d62923ff1f8f88744a2a22b1c2fa3b2499bcc4d201f6d13e022999fada4a6bbe1e35d9ca87792381f
SSDEEP

1536:zvm5Om0rld8Ms1FAOgSmOQA8AkqUhMb2nuy5wgIP0CSJ+5y7B8GMGlZ5G:zvm5OTld8r1QSjGdqU7uy5w9WMy7N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2592	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2032	cmd.exe
2032	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2032	1636	3686d3acd72a951c502647cf90f4bc80_NeikiAnalytics.exe	29
PID 1636 wrote to memory of 2032	1636	3686d3acd72a951c502647cf90f4bc80_NeikiAnalytics.exe	29
PID 1636 wrote to memory of 2032	1636	3686d3acd72a951c502647cf90f4bc80_NeikiAnalytics.exe	29
PID 1636 wrote to memory of 2032	1636	3686d3acd72a951c502647cf90f4bc80_NeikiAnalytics.exe	29
PID 2032 wrote to memory of 2592	2032	cmd.exe	30
PID 2032 wrote to memory of 2592	2032	cmd.exe	30
PID 2032 wrote to memory of 2592	2032	cmd.exe	30
PID 2032 wrote to memory of 2592	2032	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\3686d3acd72a951c502647cf90f4bc80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3686d3acd72a951c502647cf90f4bc80_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2032
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2592

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d57e0a4b489d587c6d3def6916122399

SHA1
21e785590d252f4765b940c1e7ea2844d2c2ce25

SHA256
26f3dab228ceb42e97c9c4d346367b910f42c04b4df4c9addb48d5c8f592d73a

SHA512
5ced0bc3229a285d98e14ee6404ccc694fea665407f1a9ea08678d31a13d0345b30675ab01feab59539c8307f115b2992783959439306a7eaadf621cd6390896

Download Submit
memory/1636-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2592-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download