e199338ba972d79f74523570aa054e253aabc284de0f6b0967214f2efd6a13b0

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 22:19

Target

6a976da74ae4e3078cebedaa14711740_NeikiAnalytics.exe
Size

79KB
MD5

6a976da74ae4e3078cebedaa14711740
SHA1

de6dd97799fa4079b593eead2f71d1b24fb34a4c
SHA256

e199338ba972d79f74523570aa054e253aabc284de0f6b0967214f2efd6a13b0
SHA512

876a491cbeee40891443af6503c1e8a2a422dea3d4ba042ab715ca8b6e94329b6e1400f0eec5e200d0b63b65988926f73de0690a34c7bddde8b100e343b83565
SSDEEP

1536:zvI/UIvqd/7oYvzsYaKOQA8AkqUhMb2nuy5wgIP0CSJ+5yLK7B8GMGlZ5G:zvIZqdDNsYa/GdqU7uy5w9WMyLK7N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3028	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1948	cmd.exe
1948	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 1948	2364	6a976da74ae4e3078cebedaa14711740_NeikiAnalytics.exe	29
PID 2364 wrote to memory of 1948	2364	6a976da74ae4e3078cebedaa14711740_NeikiAnalytics.exe	29
PID 2364 wrote to memory of 1948	2364	6a976da74ae4e3078cebedaa14711740_NeikiAnalytics.exe	29
PID 2364 wrote to memory of 1948	2364	6a976da74ae4e3078cebedaa14711740_NeikiAnalytics.exe	29
PID 1948 wrote to memory of 3028	1948	cmd.exe	30
PID 1948 wrote to memory of 3028	1948	cmd.exe	30
PID 1948 wrote to memory of 3028	1948	cmd.exe	30
PID 1948 wrote to memory of 3028	1948	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\6a976da74ae4e3078cebedaa14711740_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6a976da74ae4e3078cebedaa14711740_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1948
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3028

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
8fedac0cce6a8351dc32adc8babe6a0f

SHA1
f9779c7d9cfbcd5e5cdccbcd44f1b0a229acefe3

SHA256
4005122a90ae109bf969236a9b353615264126b34e750b9ad47f33e12dce4f07

SHA512
480e0dc3f9f5b23460470b90bd13c15ea24bb4d945e05e87fbd8e4b6f91093e0591902cbf3389e3ecb410208f0e10bece5ed3507eea696cd67b01256f33bcf87

Download Submit
memory/2364-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3028-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download