f49e9075e597d5a220f9ac1f5e0e7f81dc19cc0906a3af2b630205a759b8a770

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 10:55

Target

521ca9c10ea33567e978148c063348a0_NeikiAnalytics.exe
Size

79KB
MD5

521ca9c10ea33567e978148c063348a0
SHA1

5f1c95967b954ec146d4fb449d24587a3b4f2914
SHA256

f49e9075e597d5a220f9ac1f5e0e7f81dc19cc0906a3af2b630205a759b8a770
SHA512

6f074a025a56f404bf964f6819b728ddff712ec3f3ed5772386f523f1d5f31358fee89d2476d747484b0f3578c4bf2c9d6b00c6f0af227a6f85b736cbf4eb338
SSDEEP

1536:zvhsB3L8IR1f1wOQA8AkqUhMb2nuy5wgIP0CSJ+5yGB8GMGlZ5G:zvKlL8IRJ1lGdqU7uy5w9WMyGN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2768	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2384	cmd.exe
2384	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2384	2888	521ca9c10ea33567e978148c063348a0_NeikiAnalytics.exe	29
PID 2888 wrote to memory of 2384	2888	521ca9c10ea33567e978148c063348a0_NeikiAnalytics.exe	29
PID 2888 wrote to memory of 2384	2888	521ca9c10ea33567e978148c063348a0_NeikiAnalytics.exe	29
PID 2888 wrote to memory of 2384	2888	521ca9c10ea33567e978148c063348a0_NeikiAnalytics.exe	29
PID 2384 wrote to memory of 2768	2384	cmd.exe	30
PID 2384 wrote to memory of 2768	2384	cmd.exe	30
PID 2384 wrote to memory of 2768	2384	cmd.exe	30
PID 2384 wrote to memory of 2768	2384	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\521ca9c10ea33567e978148c063348a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\521ca9c10ea33567e978148c063348a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2384
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2768

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e050ee062abcf9b2f2fbcde0aef75772

SHA1
cb753e8fb1d81fd2b6bcc59c5f08efb4995aa25d

SHA256
ef7144bf4c1499780fcbac44adc5c8c134748c73af637dd31c688eea2cb5505f

SHA512
c5050c7eb70092bad1fce8213cfefe5cbe61db466c609bbe0bdb6336af3b381487bce48bb545faa4dbf0cb47c073bab16b14b14754d1fe57ccbfedfa89db1b5c

Download Submit
memory/2768-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2888-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download