ecb1c8ed7cdc9aa1246db3019bb1e12cbeb2fb99eb17ef8bb2b3f8d8d3403bf9

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 09:31

Target

4f4addd55ee84f7fad7297a95703c4b0_NeikiAnalytics.exe
Size

79KB
MD5

4f4addd55ee84f7fad7297a95703c4b0
SHA1

8900a37af3869b99ca75101918059a2fa302b997
SHA256

ecb1c8ed7cdc9aa1246db3019bb1e12cbeb2fb99eb17ef8bb2b3f8d8d3403bf9
SHA512

e355c7bfb170abc3f5d91bd570c0af515ec9ef3c7e56c6475831fef35977808d52b12fbaf7413f162e99cdcd267ed119dfa489b7f8447853cee07bc754f84d2c
SSDEEP

1536:zvto4eBdpfySdxOQA8AkqUhMb2nuy5wgIP0CSJ+5yeB8GMGlZ5G:zv23BdpfySdAGdqU7uy5w9WMyeN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2988	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2192	cmd.exe
2192	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2192	2872	4f4addd55ee84f7fad7297a95703c4b0_NeikiAnalytics.exe	29
PID 2872 wrote to memory of 2192	2872	4f4addd55ee84f7fad7297a95703c4b0_NeikiAnalytics.exe	29
PID 2872 wrote to memory of 2192	2872	4f4addd55ee84f7fad7297a95703c4b0_NeikiAnalytics.exe	29
PID 2872 wrote to memory of 2192	2872	4f4addd55ee84f7fad7297a95703c4b0_NeikiAnalytics.exe	29
PID 2192 wrote to memory of 2988	2192	cmd.exe	30
PID 2192 wrote to memory of 2988	2192	cmd.exe	30
PID 2192 wrote to memory of 2988	2192	cmd.exe	30
PID 2192 wrote to memory of 2988	2192	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\4f4addd55ee84f7fad7297a95703c4b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4f4addd55ee84f7fad7297a95703c4b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2988

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2ed4bee4570904292857109f6735ef09

SHA1
4a3d019e57c0a536b8867c527120424a731d64da

SHA256
3bf36fcca4900420558a94a2201f43de9b046d5f1e5ceb40d5588f5291212a64

SHA512
01a06d3f5fef1236cce337265c00aba698fc4804f36748aa34c50c66038b8de3f3c9e659665c8979e29a42861700a346d3df82158e246a4aa891741ad6f07598

Download Submit
memory/2872-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2988-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download