6ae3fb46310e671cd04cb0ad0713c7d2957a9b46b3293d6e1897a34ed58bcc05

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 02:37

Target

60d23e6d7cb52fc598411e0685507ea0_NeikiAnalytics.exe
Size

73KB
MD5

60d23e6d7cb52fc598411e0685507ea0
SHA1

967ee64fbbe2769cdd9506f0c57fcbb903f6e444
SHA256

6ae3fb46310e671cd04cb0ad0713c7d2957a9b46b3293d6e1897a34ed58bcc05
SHA512

1135c53cd1db4d267385a9cc1ea8647b45ae43a33c65f10facba8c314d85f98df57910f1a348ca508c64180bfe4f8f34bfc2d7d72655434c579e5bc0f5f11c10
SSDEEP

1536:hbzMXkZKK5QPqfhVWbdsmA+RjPFLC+e5hUQ0ZGUGf2g:hUXkkNPqfcxA+HFsh1Og

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2432	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2380	cmd.exe
2380	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 348 wrote to memory of 2380	348	60d23e6d7cb52fc598411e0685507ea0_NeikiAnalytics.exe	29
PID 348 wrote to memory of 2380	348	60d23e6d7cb52fc598411e0685507ea0_NeikiAnalytics.exe	29
PID 348 wrote to memory of 2380	348	60d23e6d7cb52fc598411e0685507ea0_NeikiAnalytics.exe	29
PID 348 wrote to memory of 2380	348	60d23e6d7cb52fc598411e0685507ea0_NeikiAnalytics.exe	29
PID 2380 wrote to memory of 2432	2380	cmd.exe	30
PID 2380 wrote to memory of 2432	2380	cmd.exe	30
PID 2380 wrote to memory of 2432	2380	cmd.exe	30
PID 2380 wrote to memory of 2432	2380	cmd.exe	30
PID 2432 wrote to memory of 1912	2432	[email protected]	31
PID 2432 wrote to memory of 1912	2432	[email protected]	31
PID 2432 wrote to memory of 1912	2432	[email protected]	31
PID 2432 wrote to memory of 1912	2432	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\60d23e6d7cb52fc598411e0685507ea0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\60d23e6d7cb52fc598411e0685507ea0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:348
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2380
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:1912

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
80842d2df790f0367c58dd4774530d31

SHA1
7086ba84fb9526ea03a0ce6b6444211b43667a88

SHA256
b29d9a0c521c54f5eb3debc5277eb033f6da77a13469f80de37950204dc9e394

SHA512
b56ded30d09d33a01c8dbe772d8c6c41171fdc550a5817520b764ef776478f5dc4e2532ada1e974a12410f0e7d4a76bed268c41f612f8088a4bb3b74f25dfb79

Download Submit
memory/348-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2432-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download