5ccb737a0b64bd0c66c4145224c57df0a0e856b3aaa81a2abecadcb3c6ff16fa

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 07:45

Target

4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe
Size

79KB
MD5

4b4a8226429f3f81b1200a9c4d9335f0
SHA1

d7f3a01c2022b03fcc3d8fd5395b4349f28036bc
SHA256

5ccb737a0b64bd0c66c4145224c57df0a0e856b3aaa81a2abecadcb3c6ff16fa
SHA512

0450aaf29d13a4d5029caadf7e0c16a76db1dbf0699e8d82bf263092acc0942eea7f071311cf9feb51604e873678fa80b64fb5c983bfca559a45e7f92b4ec6d9
SSDEEP

1536:zvawDMD4uuAqYOQA8AkqUhMb2nuy5wgIP0CSJ+5ymB8GMGlZ5G:zvaw2Fq9GdqU7uy5w9WMymN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2908	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2896	cmd.exe
2896	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2896	2648	4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe	29
PID 2648 wrote to memory of 2896	2648	4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe	29
PID 2648 wrote to memory of 2896	2648	4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe	29
PID 2648 wrote to memory of 2896	2648	4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe	29
PID 2896 wrote to memory of 2908	2896	cmd.exe	30
PID 2896 wrote to memory of 2908	2896	cmd.exe	30
PID 2896 wrote to memory of 2908	2896	cmd.exe	30
PID 2896 wrote to memory of 2908	2896	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2908

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
900e8cde4e0c47f041e0f703a6de85a5

SHA1
7bb2dcd83272497be2945d08ab0abc99dc005307

SHA256
cbb35e41adae64f9d0fa56b658ac36ef6867016e694fe3af647d69974c0c5f1b

SHA512
fd6673259cd18fc93c32012ed8277c4103de48e37df7f53fdbf815e6498c37f4bc926b30b293faae4a7b9c4bbdf7bf5a1bc6692faf9fd0333ffcf6d6b8f61320

Download Submit
memory/2648-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2908-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download