1e06636185a15fc4dee2996ef3451091737b112f2c72d81c359a107ce347a443

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 05:50

Target

473cbab478d6daa38ceb3ad5ad14fcb0_NeikiAnalytics.exe
Size

79KB
MD5

473cbab478d6daa38ceb3ad5ad14fcb0
SHA1

7594c30c21e89636ecbc8f70aac96d1199425a5b
SHA256

1e06636185a15fc4dee2996ef3451091737b112f2c72d81c359a107ce347a443
SHA512

a87eabb0ca55c394a56dfa3db488363676fd610e6b3923739394beca390a0731c6f82753e365e5424d43d8cf2549e0133b11e4a5d7c3944d0a42abf80aab9835
SSDEEP

1536:zvSKKHfuaJOwqOQA8AkqUhMb2nuy5wgIP0CSJ+5yCB8GMGlZ5G:zviHfuXwfGdqU7uy5w9WMyCN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1652	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2368	cmd.exe
2368	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2368	2068	473cbab478d6daa38ceb3ad5ad14fcb0_NeikiAnalytics.exe	29
PID 2068 wrote to memory of 2368	2068	473cbab478d6daa38ceb3ad5ad14fcb0_NeikiAnalytics.exe	29
PID 2068 wrote to memory of 2368	2068	473cbab478d6daa38ceb3ad5ad14fcb0_NeikiAnalytics.exe	29
PID 2068 wrote to memory of 2368	2068	473cbab478d6daa38ceb3ad5ad14fcb0_NeikiAnalytics.exe	29
PID 2368 wrote to memory of 1652	2368	cmd.exe	30
PID 2368 wrote to memory of 1652	2368	cmd.exe	30
PID 2368 wrote to memory of 1652	2368	cmd.exe	30
PID 2368 wrote to memory of 1652	2368	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\473cbab478d6daa38ceb3ad5ad14fcb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\473cbab478d6daa38ceb3ad5ad14fcb0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2368
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1652

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3293e901829442cef507981d84772854

SHA1
b3470646248fa1ea2e52d952fb048a9f53ad2728

SHA256
859df6617d543481df688d88e2ca93466d880f55cbfedadf0616731400a20842

SHA512
e73ade315ae0a1f645b9f87f6f833204cd555a0a873188c56a111d6491fd3dc10fa01aa09905c4f50813f5d9b97fef786e2231d86f060daa208e160ccfabdcdd

Download Submit
memory/1652-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2068-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download