bd5fcddf44386f986eaf1a71f032a0a1f02e8de4b347a90ec4bfbcf406fb7955

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 23:36

Target

6d280fae32631c97a0e3f54222436240_NeikiAnalytics.exe
Size

79KB
MD5

6d280fae32631c97a0e3f54222436240
SHA1

daf773cc173c29340be57a4ccc92fec1cdbe88ae
SHA256

bd5fcddf44386f986eaf1a71f032a0a1f02e8de4b347a90ec4bfbcf406fb7955
SHA512

4b240130e049db57bbda5e9cdb51064a1f1904bd8c3f462c85099ce3a76699092f3aa51fa756bd812583bfb455d2c3a28f706a8b8037902d341c00207629284a
SSDEEP

1536:zvoO0/7E2BzTQTFOQA8AkqUhMb2nuy5wgIP0CSJ+5yFB8GMGlZ5G:zvL0/Y2lTQTcGdqU7uy5w9WMyFN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3044	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2836	cmd.exe
2836	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2836	1984	6d280fae32631c97a0e3f54222436240_NeikiAnalytics.exe	29
PID 1984 wrote to memory of 2836	1984	6d280fae32631c97a0e3f54222436240_NeikiAnalytics.exe	29
PID 1984 wrote to memory of 2836	1984	6d280fae32631c97a0e3f54222436240_NeikiAnalytics.exe	29
PID 1984 wrote to memory of 2836	1984	6d280fae32631c97a0e3f54222436240_NeikiAnalytics.exe	29
PID 2836 wrote to memory of 3044	2836	cmd.exe	30
PID 2836 wrote to memory of 3044	2836	cmd.exe	30
PID 2836 wrote to memory of 3044	2836	cmd.exe	30
PID 2836 wrote to memory of 3044	2836	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\6d280fae32631c97a0e3f54222436240_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6d280fae32631c97a0e3f54222436240_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3044

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
fab8243915a4af3a8f40d687af0b17b1

SHA1
2316ee0f51200fc5f0f014b1f5fac288767a2ef7

SHA256
72ca5854afdebe961221382d170ee4f49c32b70f304aae26ca92152ea1f165d6

SHA512
15791bf2e83700f62b232f6308d1e5218c7f70ea6847ecd079b8d5ed905605f686caaa739270c14fd398a549de5c015f745d96acf92b4589506830b5549a523a

Download Submit
memory/1984-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3044-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download