223e5a5e2017736c7e86b4a6b49c459905b3cadf9929081157c9c122ac361b1b

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 22:11

Target

6a5dccf380c1184ea0b92049ceaac3f0_NeikiAnalytics.exe
Size

79KB
MD5

6a5dccf380c1184ea0b92049ceaac3f0
SHA1

fd9b0b2120ca02cfb22a05a172ada82c65b12b49
SHA256

223e5a5e2017736c7e86b4a6b49c459905b3cadf9929081157c9c122ac361b1b
SHA512

fe90c022d7597fb857420744bfbe16be3cd80ca1cfcb671e32052370729459a48f8c8745849794f70ce4fa219da5da6e1950c91d49e703775f46577140f63ba9
SSDEEP

1536:zvIqTisupYrVjLZhkpkxOQA8AkqUhMb2nuy5wgIP0CSJ+5ybB8GMGlZ5G:zvIqJxLnsGdqU7uy5w9WMybN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1724	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1780	cmd.exe
1780	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 1780	1920	6a5dccf380c1184ea0b92049ceaac3f0_NeikiAnalytics.exe	29
PID 1920 wrote to memory of 1780	1920	6a5dccf380c1184ea0b92049ceaac3f0_NeikiAnalytics.exe	29
PID 1920 wrote to memory of 1780	1920	6a5dccf380c1184ea0b92049ceaac3f0_NeikiAnalytics.exe	29
PID 1920 wrote to memory of 1780	1920	6a5dccf380c1184ea0b92049ceaac3f0_NeikiAnalytics.exe	29
PID 1780 wrote to memory of 1724	1780	cmd.exe	30
PID 1780 wrote to memory of 1724	1780	cmd.exe	30
PID 1780 wrote to memory of 1724	1780	cmd.exe	30
PID 1780 wrote to memory of 1724	1780	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\6a5dccf380c1184ea0b92049ceaac3f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6a5dccf380c1184ea0b92049ceaac3f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1780
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1724

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2613981688f33df642290b4988a16e94

SHA1
f5b20c4f606a8defc5a18207a68bb97132165add

SHA256
806c8c12d1ef15c56277a1744c5496f29da76f8696eb4a312ac22446cef1e647

SHA512
b6eeda492d4f1efa561c5894cc6e46fb4648e18f20ffb49ac292c94168ca3c60ea51dd8d98ceabd7c7db24026248fd36da4b16b021d4fd5d2232ea26f669471d

Download Submit
memory/1724-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1920-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download