ad90f816dfb3d0732f2b2c69a266aebc6dd7f59a52e9892ed4fc831ade12217f

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 06:56

Target

497d686364cbc971aebb343661c6c040_NeikiAnalytics.exe
Size

79KB
MD5

497d686364cbc971aebb343661c6c040
SHA1

fffa86530690fdd2a42ae7264eaa72f6e67956ac
SHA256

ad90f816dfb3d0732f2b2c69a266aebc6dd7f59a52e9892ed4fc831ade12217f
SHA512

8a6f2f275249dd65d64ea846139925a0e671e72d22fc0765a1a476a81036e1bdc8eafc7c23558b5534b60a50c6cbb4cac68e68346fe0d56319ab888280924dc8
SSDEEP

1536:zvOAQ/EOZ0jubUE1OQA8AkqUhMb2nuy5wgIP0CSJ+5yFB8GMGlZ5G:zvyCjubEGdqU7uy5w9WMyFN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2032	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1708	cmd.exe
1708	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 1708	1084	497d686364cbc971aebb343661c6c040_NeikiAnalytics.exe	29
PID 1084 wrote to memory of 1708	1084	497d686364cbc971aebb343661c6c040_NeikiAnalytics.exe	29
PID 1084 wrote to memory of 1708	1084	497d686364cbc971aebb343661c6c040_NeikiAnalytics.exe	29
PID 1084 wrote to memory of 1708	1084	497d686364cbc971aebb343661c6c040_NeikiAnalytics.exe	29
PID 1708 wrote to memory of 2032	1708	cmd.exe	30
PID 1708 wrote to memory of 2032	1708	cmd.exe	30
PID 1708 wrote to memory of 2032	1708	cmd.exe	30
PID 1708 wrote to memory of 2032	1708	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\497d686364cbc971aebb343661c6c040_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\497d686364cbc971aebb343661c6c040_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1708
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2032

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
19d4fc7dfe37cb1e182a0cf7575c2f40

SHA1
5ac24c7b697f9e82f9375764fbdbc6d0a5a0dd03

SHA256
b14ed2c1f71e1692f566fb86d27d081a69e25574780184f415e1b87d1c4279a1

SHA512
b4aebce616d073c190272ea0b4fbd9fad3471f4846afc5445a0be3772c25f8e782c65cace72802dd51a775cced6caaadde5d101ba7a786f51f8a7be86bac4e57

Download Submit
memory/1084-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2032-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download