0c40199b9b2c670588529f647eb1c8c378722beb8fc1a13dbe5b6ce65484e202

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 12:30

Target

53c3c75f910de9d9d2ad3b02b5cd3360_NeikiAnalytics.exe
Size

79KB
MD5

53c3c75f910de9d9d2ad3b02b5cd3360
SHA1

e98abe55a24b562622d067b37c4e87dfe887a2b6
SHA256

0c40199b9b2c670588529f647eb1c8c378722beb8fc1a13dbe5b6ce65484e202
SHA512

6b75d49a210fd5df517297dfb8d9e0a62060ce5e35c7dc3947b81c10a634678e5e44a894ad8f61d0447d1ced98b1c7509a479cd18fe6d546493e0ba17e03e72f
SSDEEP

1536:zvtWgNR4gnuf/mNv4OQA8AkqUhMb2nuy5wgIP0CSJ+5yOB8GMGlZ5G:zvtWgcBf+vdGdqU7uy5w9WMyON5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2600	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1756	cmd.exe
1756	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 1756	2992	53c3c75f910de9d9d2ad3b02b5cd3360_NeikiAnalytics.exe	29
PID 2992 wrote to memory of 1756	2992	53c3c75f910de9d9d2ad3b02b5cd3360_NeikiAnalytics.exe	29
PID 2992 wrote to memory of 1756	2992	53c3c75f910de9d9d2ad3b02b5cd3360_NeikiAnalytics.exe	29
PID 2992 wrote to memory of 1756	2992	53c3c75f910de9d9d2ad3b02b5cd3360_NeikiAnalytics.exe	29
PID 1756 wrote to memory of 2600	1756	cmd.exe	30
PID 1756 wrote to memory of 2600	1756	cmd.exe	30
PID 1756 wrote to memory of 2600	1756	cmd.exe	30
PID 1756 wrote to memory of 2600	1756	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\53c3c75f910de9d9d2ad3b02b5cd3360_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\53c3c75f910de9d9d2ad3b02b5cd3360_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1756
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2600

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
8819bdd5dccf81365c93b198c4ff2397

SHA1
39891a0409aeb1cbc70f077d340dc2b98d560d6a

SHA256
7581768e3c1373628292bcb98d71764ea472b72350ebf107f6c79520dfd09dd1

SHA512
c16df58a92acee12bef402d68d1b196c439291f7fdd85bc09ec11abc842e9074cedf04e34d7a22cd7a1e04c8eac5c1f51cc227f62387e5fdd409783ece0f6577

Download Submit
memory/2600-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2992-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download