42653f33077e8941d47783d180c464a56f5f86997742702d19f88408258b5213

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 23:16

Target

6c90d887d7cf109ab709bff4332b3510_NeikiAnalytics.exe
Size

73KB
MD5

6c90d887d7cf109ab709bff4332b3510
SHA1

188c6bb807062cf104cd044419338d00b321f29d
SHA256

42653f33077e8941d47783d180c464a56f5f86997742702d19f88408258b5213
SHA512

923786d107ef5d8c5febe48c5768c68fdb788e8cc35431eac00e6c700b22e0a40daffc349858006a11b93d19dc25de3c1ae6123534bbda165af2d8d2f8512471
SSDEEP

1536:hbpavLPm5AuK5QPqfhVWbdsmA+RjPFLC+e5hI0ZGUGf2g:hwvTm5PNPqfcxA+HFshIOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2456	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1016	cmd.exe
1016	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1016	3056	6c90d887d7cf109ab709bff4332b3510_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1016	3056	6c90d887d7cf109ab709bff4332b3510_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1016	3056	6c90d887d7cf109ab709bff4332b3510_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1016	3056	6c90d887d7cf109ab709bff4332b3510_NeikiAnalytics.exe	29
PID 1016 wrote to memory of 2456	1016	cmd.exe	30
PID 1016 wrote to memory of 2456	1016	cmd.exe	30
PID 1016 wrote to memory of 2456	1016	cmd.exe	30
PID 1016 wrote to memory of 2456	1016	cmd.exe	30
PID 2456 wrote to memory of 2256	2456	[email protected]	31
PID 2456 wrote to memory of 2256	2456	[email protected]	31
PID 2456 wrote to memory of 2256	2456	[email protected]	31
PID 2456 wrote to memory of 2256	2456	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\6c90d887d7cf109ab709bff4332b3510_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6c90d887d7cf109ab709bff4332b3510_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1016
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2456
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2256

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
e097f3815d0f0aa4dbb500060428af8f

SHA1
1cb76267f39484f1c5f16d0e8f90c72893df05d3

SHA256
096ea4f4a4af2f87d04d7d84e615733e7c38a4d060e382a7152fa694d1486bab

SHA512
ccda36ef850bbf924e5a798b966a1721c9254c89e228e58a927c3bef8f8be9706127d7ca05115cf164a7b40af944d00230351ffaede0e095279512458dc2a876

Download Submit
memory/2456-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/3056-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download