3fada448a8cfc6b7744aa8abaa99ac7c28f5fd63ff21b2c1fe3ab87ea0690f07

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 04:27

Target

3e599a10b6b144dbf331bd79d13f7000_NeikiAnalytics.exe
Size

79KB
MD5

3e599a10b6b144dbf331bd79d13f7000
SHA1

e77ce92f7591a6e483139226473efe24d6745d0c
SHA256

3fada448a8cfc6b7744aa8abaa99ac7c28f5fd63ff21b2c1fe3ab87ea0690f07
SHA512

8199a5893caa287ba58780b8f696050d2b1e5e37a3cd6d097ba022780e96e6d19bdbb029ad8aed87676cb7fb6587fd6e2b1d5ea31a54703ea96637d22ff98971
SSDEEP

1536:zvKxifeJrDfME+2+OQA8AkqUhMb2nuy5wgIP0CSJ+5y0B8GMGlZ5G:zvGifgMSGdqU7uy5w9WMy0N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1624	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2324	cmd.exe
2324	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 2324	2328	3e599a10b6b144dbf331bd79d13f7000_NeikiAnalytics.exe	29
PID 2328 wrote to memory of 2324	2328	3e599a10b6b144dbf331bd79d13f7000_NeikiAnalytics.exe	29
PID 2328 wrote to memory of 2324	2328	3e599a10b6b144dbf331bd79d13f7000_NeikiAnalytics.exe	29
PID 2328 wrote to memory of 2324	2328	3e599a10b6b144dbf331bd79d13f7000_NeikiAnalytics.exe	29
PID 2324 wrote to memory of 1624	2324	cmd.exe	30
PID 2324 wrote to memory of 1624	2324	cmd.exe	30
PID 2324 wrote to memory of 1624	2324	cmd.exe	30
PID 2324 wrote to memory of 1624	2324	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\3e599a10b6b144dbf331bd79d13f7000_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3e599a10b6b144dbf331bd79d13f7000_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1624

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
8b7537118b386c89bce8a13d9ae28dbb

SHA1
30c02ef63dc160f3b18d50f56a5071a2dd436d85

SHA256
aac5253e567f878b20b138df4f91a3894aabe2c0da2dfc1709529ee124d9ab30

SHA512
06185fd00f102168b5f85d62c43947ed8a55b2ee01687183e836049f72c558111f0d2a813d8fd6b375c88b1fe64efa7926874e0983b7def47c3a44efc8d89ed4

Download Submit
memory/1624-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2328-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download