763d74359e0dd05b106d68b9cc0293b9960443233b0f0345c01e36030b6209c1

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 10:42

Target

51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe
Size

73KB
MD5

51b0d1009a9af362052c2b7f808f6fa0
SHA1

0d15e864daeb5d81b770c2474f880d50ce700ce7
SHA256

763d74359e0dd05b106d68b9cc0293b9960443233b0f0345c01e36030b6209c1
SHA512

b6c78e92bf5275f74e196f460b8818467c608c23e4d69d2ceef470ee5a0f2d6c03be2e28982738015e65c9f17db04b9fac24987378268acef1f04466277f1275
SSDEEP

1536:hbLvRJ+Q0re1apK5QPqfhVWbdsmA+RjPFLC+e5hkD0ZGUGf2g:hnPHCNPqfcxA+HFshqOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2032	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2840	cmd.exe
2840	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2840	1992	51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe	29
PID 1992 wrote to memory of 2840	1992	51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe	29
PID 1992 wrote to memory of 2840	1992	51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe	29
PID 1992 wrote to memory of 2840	1992	51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe	29
PID 2840 wrote to memory of 2032	2840	cmd.exe	30
PID 2840 wrote to memory of 2032	2840	cmd.exe	30
PID 2840 wrote to memory of 2032	2840	cmd.exe	30
PID 2840 wrote to memory of 2032	2840	cmd.exe	30
PID 2032 wrote to memory of 3004	2032	[email protected]	31
PID 2032 wrote to memory of 3004	2032	[email protected]	31
PID 2032 wrote to memory of 3004	2032	[email protected]	31
PID 2032 wrote to memory of 3004	2032	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\51b0d1009a9af362052c2b7f808f6fa0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2032
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:3004

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
645b127a723b0b6b9942068639712120

SHA1
7a869ffcc272952acbd1425413b113d3dd917ba1

SHA256
e391f7580141f5cc30b73cd28658733cef9aebfda9a51b6f4acebe8ef0ed2c5c

SHA512
0d03b82222c1e2c6d19eeca89ad38cdc4b2acbfa4117d30766ade3c1792d1d79ddbcb8e3c6137c8207acc603457b3f1d1f0eea7dbf3c49868e9f46bd66ccf385

Download Submit
memory/1992-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2032-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download