9604584cdece9c9714e7e131791959ea0c39aaf6ea11b64f8c1248284a3ea5e8

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 06:52

Target

495c5c881d7da7f5f253f25474f586e0_NeikiAnalytics.exe
Size

79KB
MD5

495c5c881d7da7f5f253f25474f586e0
SHA1

e8d01522806559950dd9a99597fb9d5f2413b5c7
SHA256

9604584cdece9c9714e7e131791959ea0c39aaf6ea11b64f8c1248284a3ea5e8
SHA512

61b952f6be0fbaf926f8ab6e3d0234888d4ef6baa8b1d339fcee74e1e691a5e99d0f9e290236f29b5785b0aac6ccbaac8652d76c6714b943e002dc18a459df30
SSDEEP

1536:zvCWNsW10Ten1VvB7DtNOOQA8AkqUhMb2nuy5wgIP0CSJ+5yZB8GMGlZ5G:zvCWOW10q7Zn3GdqU7uy5w9WMyZN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1072	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2276	cmd.exe
2276	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2276	2240	495c5c881d7da7f5f253f25474f586e0_NeikiAnalytics.exe	29
PID 2240 wrote to memory of 2276	2240	495c5c881d7da7f5f253f25474f586e0_NeikiAnalytics.exe	29
PID 2240 wrote to memory of 2276	2240	495c5c881d7da7f5f253f25474f586e0_NeikiAnalytics.exe	29
PID 2240 wrote to memory of 2276	2240	495c5c881d7da7f5f253f25474f586e0_NeikiAnalytics.exe	29
PID 2276 wrote to memory of 1072	2276	cmd.exe	30
PID 2276 wrote to memory of 1072	2276	cmd.exe	30
PID 2276 wrote to memory of 1072	2276	cmd.exe	30
PID 2276 wrote to memory of 1072	2276	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\495c5c881d7da7f5f253f25474f586e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\495c5c881d7da7f5f253f25474f586e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2276
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1072

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
8a4de518832e207c8c5ce4b0cc4a7633

SHA1
3d74d79161f4c74a9d371b9f2362b7973228515a

SHA256
b6956a62b895b6a4dd7d21ab5251f0c7634dff1e96a676aff0febbe73f7671d4

SHA512
85e934589d87c05b7aac784495e391cb03888f5588acbbbb84ce7e4c9661c2ca1c26eff45591268f7202c63261f260ee3179f2eea380e7b05a1b4efe5e22a5cf

Download Submit
memory/1072-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2240-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download