043f863e9b459df189e2a7f3122e8b23b7148d407e5d3b5df61332de60f7d4da

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 00:58

Target

5d8aa8b405e6796cebd2a631844001f0_NeikiAnalytics.exe
Size

79KB
MD5

5d8aa8b405e6796cebd2a631844001f0
SHA1

1d899138be86085a14718b908ba84254e4c4fe3d
SHA256

043f863e9b459df189e2a7f3122e8b23b7148d407e5d3b5df61332de60f7d4da
SHA512

63e438a20793450cbbc3cd255d090a969e27224d4f5bd26eae0c9956ab0a5a91179575fe440c6838981b1e51f258e4c5a7b8449d7fdb13a511d00da333ac3c05
SSDEEP

1536:zvr6eee2vqONy31OQA8AkqUhMb2nuy5wgIP0CSJ+5ySB8GMGlZ5G:zvuq/sGdqU7uy5w9WMySN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2864	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2420	cmd.exe
2420	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2420	2396	5d8aa8b405e6796cebd2a631844001f0_NeikiAnalytics.exe	29
PID 2396 wrote to memory of 2420	2396	5d8aa8b405e6796cebd2a631844001f0_NeikiAnalytics.exe	29
PID 2396 wrote to memory of 2420	2396	5d8aa8b405e6796cebd2a631844001f0_NeikiAnalytics.exe	29
PID 2396 wrote to memory of 2420	2396	5d8aa8b405e6796cebd2a631844001f0_NeikiAnalytics.exe	29
PID 2420 wrote to memory of 2864	2420	cmd.exe	30
PID 2420 wrote to memory of 2864	2420	cmd.exe	30
PID 2420 wrote to memory of 2864	2420	cmd.exe	30
PID 2420 wrote to memory of 2864	2420	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\5d8aa8b405e6796cebd2a631844001f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5d8aa8b405e6796cebd2a631844001f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2420
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2864

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e4bc883b220164a5c8ebecebe5d98956

SHA1
fa7f03f75e74a7d14c94af7f3351de74fd4904a5

SHA256
96445a672ca542c59f6171734b69fa1c6df16a8111ef6fc8bd1797b6bfdd0ed8

SHA512
dc109c750c83d4654d397483a54f1873c1525fda9b95fd2d868a2050b236b7ac0ff2d3d5a6cac50d48ac1a3908aafbb7288137cb82db796a26d6b0acd5012be9

Download Submit
memory/2396-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2864-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download