d01bee62ae304cf5c0854bbad8b8dc5644f4e094b0e047841a3dbd12c85536ff

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 01:36

Target

5ee237eec90e4610a4aa38e7a7f6d4a0_NeikiAnalytics.exe
Size

79KB
MD5

5ee237eec90e4610a4aa38e7a7f6d4a0
SHA1

9a604051882c82f976794f6c05ac1c7c4ee79ccf
SHA256

d01bee62ae304cf5c0854bbad8b8dc5644f4e094b0e047841a3dbd12c85536ff
SHA512

e5bced0cf7d2f30bfe497dfc0c1300a1053a742b1f3354602d87fda8d3ce20f4f862f377af450521019ce8fb0822ca39236f8f24812685e453dca44a1d91cbf3
SSDEEP

1536:zvANfA7voIfaFOQA8AkqUhMb2nuy5wgIP0CSJ+5y2B8GMGlZ5G:zvANfvi9GdqU7uy5w9WMy2N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2600	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1756	cmd.exe
1756	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 1756	2992	5ee237eec90e4610a4aa38e7a7f6d4a0_NeikiAnalytics.exe	29
PID 2992 wrote to memory of 1756	2992	5ee237eec90e4610a4aa38e7a7f6d4a0_NeikiAnalytics.exe	29
PID 2992 wrote to memory of 1756	2992	5ee237eec90e4610a4aa38e7a7f6d4a0_NeikiAnalytics.exe	29
PID 2992 wrote to memory of 1756	2992	5ee237eec90e4610a4aa38e7a7f6d4a0_NeikiAnalytics.exe	29
PID 1756 wrote to memory of 2600	1756	cmd.exe	30
PID 1756 wrote to memory of 2600	1756	cmd.exe	30
PID 1756 wrote to memory of 2600	1756	cmd.exe	30
PID 1756 wrote to memory of 2600	1756	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\5ee237eec90e4610a4aa38e7a7f6d4a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5ee237eec90e4610a4aa38e7a7f6d4a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1756
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2600

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
23d8fc73e1e242fd231f90a91fd7939e

SHA1
6b83b7f505c534206648b59da82dc424cd59da6a

SHA256
79b015d12bb0ca5b51af4d0e2a0d9d8dfee8cf00f84232ff6141a17ea82703ac

SHA512
fcef8905e1e6db25bdfb96493a9be0467c73defac33c0da6da93dd4ae7a64224b5416ed585ed5c067ad9815c6522f16ff6370d6e2d4d23fec8bfe01944855a14

Download Submit
memory/2600-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2992-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download