8abf49be740295358ee73ff924e31c6721eea8e3e93c31c4092ecb2890e94409

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 06:20

Target

484c96147bbdb52c1a0c74d7aa46e860_NeikiAnalytics.exe
Size

79KB
MD5

484c96147bbdb52c1a0c74d7aa46e860
SHA1

4717b10f9f59cc40678c23292c386bb3f82b7221
SHA256

8abf49be740295358ee73ff924e31c6721eea8e3e93c31c4092ecb2890e94409
SHA512

d0e12b40d86414b65407c2c96e11bfb34f6ecb201283ff3d9375c649800761d26c6920172ee88b1ab87ed7acf054b93a8821be33a93cb76ae5f30e7235d8e6d2
SSDEEP

1536:zvclfO4/s7BJB2OQA8AkqUhMb2nuy5wgIP0CSJ+5yZB8GMGlZ5G:zvEfO1BJBTGdqU7uy5w9WMyZN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2600	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1756	cmd.exe
1756	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 1756	2984	484c96147bbdb52c1a0c74d7aa46e860_NeikiAnalytics.exe	29
PID 2984 wrote to memory of 1756	2984	484c96147bbdb52c1a0c74d7aa46e860_NeikiAnalytics.exe	29
PID 2984 wrote to memory of 1756	2984	484c96147bbdb52c1a0c74d7aa46e860_NeikiAnalytics.exe	29
PID 2984 wrote to memory of 1756	2984	484c96147bbdb52c1a0c74d7aa46e860_NeikiAnalytics.exe	29
PID 1756 wrote to memory of 2600	1756	cmd.exe	30
PID 1756 wrote to memory of 2600	1756	cmd.exe	30
PID 1756 wrote to memory of 2600	1756	cmd.exe	30
PID 1756 wrote to memory of 2600	1756	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\484c96147bbdb52c1a0c74d7aa46e860_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\484c96147bbdb52c1a0c74d7aa46e860_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1756
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2600

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fc25250f65668af4414bb2e1192defda

SHA1
39c1554e92141e4d606f5b4d9ac625212446c805

SHA256
42666e84db69003c7bff936ccc1470e27f0ffb240c9be3075b88d4b2bccd4822

SHA512
eee2516b2ebd09712ebb9ac16103c896dd0504f7b8f065507fa0457d44c11200ca62699876296683f88e46641a172f4d89ac8a42c6234f025c0fcd624bcad130

Download Submit
memory/2600-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2984-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download