27681890b61aa33498289e56c387bea7b337d30a53af1b07b5296904e32c0eae

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 22:35

Target

6b112b0aca6a74683f2900b42c83ef60_NeikiAnalytics.exe
Size

79KB
MD5

6b112b0aca6a74683f2900b42c83ef60
SHA1

278f83efc75fed8c6736951eae0e1971c2878b8c
SHA256

27681890b61aa33498289e56c387bea7b337d30a53af1b07b5296904e32c0eae
SHA512

346aeafe3c6c1fd99636a81e412e4b1d72064681e83350744df49fc2390cacb0e6e683564cd4a49c76ceee3ae0bedb9caa992ad7a315e61477f32da655409641
SSDEEP

1536:zv6fdjP2uMHZAOQA8AkqUhMb2nuy5wgIP0CSJ+5yoB8GMGlZ5G:zv652PjGdqU7uy5w9WMyoN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2220	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1144	cmd.exe
1144	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 1144	2884	6b112b0aca6a74683f2900b42c83ef60_NeikiAnalytics.exe	29
PID 2884 wrote to memory of 1144	2884	6b112b0aca6a74683f2900b42c83ef60_NeikiAnalytics.exe	29
PID 2884 wrote to memory of 1144	2884	6b112b0aca6a74683f2900b42c83ef60_NeikiAnalytics.exe	29
PID 2884 wrote to memory of 1144	2884	6b112b0aca6a74683f2900b42c83ef60_NeikiAnalytics.exe	29
PID 1144 wrote to memory of 2220	1144	cmd.exe	30
PID 1144 wrote to memory of 2220	1144	cmd.exe	30
PID 1144 wrote to memory of 2220	1144	cmd.exe	30
PID 1144 wrote to memory of 2220	1144	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\6b112b0aca6a74683f2900b42c83ef60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b112b0aca6a74683f2900b42c83ef60_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1144
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2220

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
362d370986ff7dbba2cef1728a58d790

SHA1
cd146215be05cae1670f187cd1ed78675ff4edda

SHA256
3956a94f079c208983ddfa13d983562882a2daf9d357ddea4c98284980f1cdbe

SHA512
91aa734a48f9380dd3f7e51840d7e379f3d0307985440e1c6f551349e08f1d57a161dc3e2083a5cb1ac68454e4742319b1f42d2a57ead082cf3c3c66415a9d9c

Download Submit
memory/2220-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2884-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download