fd425a80ca00d82aa60f00e0a3c4cfe5ec4679151d21b56d0d57305da69805bd

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 12:57

Target

54c53e7073bf3d356671d7d9b3f0ceb0_NeikiAnalytics.exe
Size

79KB
MD5

54c53e7073bf3d356671d7d9b3f0ceb0
SHA1

47d6093ea55fc62f46f9f4040b54f7e3abae1979
SHA256

fd425a80ca00d82aa60f00e0a3c4cfe5ec4679151d21b56d0d57305da69805bd
SHA512

cfa868198deff12c2c9810ef4ad9352b7260297d576e1533a77d0dc4a9b4ad8e757eed659fd757ce3ffa292533392d37e1fe1531b35580a62b9d9e5d49457fb8
SSDEEP

1536:zvkUugKOznTotoDadOQA8AkqUhMb2nuy5wgIP0CSJ+5ypB8GMGlZ5G:zvJuVtfEGdqU7uy5w9WMypN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2456	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2188	cmd.exe
2188	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2188	2116	54c53e7073bf3d356671d7d9b3f0ceb0_NeikiAnalytics.exe	29
PID 2116 wrote to memory of 2188	2116	54c53e7073bf3d356671d7d9b3f0ceb0_NeikiAnalytics.exe	29
PID 2116 wrote to memory of 2188	2116	54c53e7073bf3d356671d7d9b3f0ceb0_NeikiAnalytics.exe	29
PID 2116 wrote to memory of 2188	2116	54c53e7073bf3d356671d7d9b3f0ceb0_NeikiAnalytics.exe	29
PID 2188 wrote to memory of 2456	2188	cmd.exe	30
PID 2188 wrote to memory of 2456	2188	cmd.exe	30
PID 2188 wrote to memory of 2456	2188	cmd.exe	30
PID 2188 wrote to memory of 2456	2188	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\54c53e7073bf3d356671d7d9b3f0ceb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\54c53e7073bf3d356671d7d9b3f0ceb0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2456

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
61635dd86025b599a36983c54e619a7e

SHA1
6f713db78de99fa55a20c5acc659be518b1e8011

SHA256
be6124d4c6aadc10c2a8e64a71bef30133cc44db6acbdcbe4c12a0ccdbfc7d01

SHA512
b8eccbcc56ce993196a7872bbf2b07dacabb9b65b0d347e092ff1679eb1eecd3deb511ef52853fa96cb60a29fb530dcd33dff140e28fa2a029f2ea66e79647b3

Download Submit
memory/2116-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2456-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download