8809dcc4baa2c91036b2a6301bbb452b8c3a1fd41029f4bd4d2fe8c48b81a62d

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 02:20

Target

6037af823a1f919f4063a3dbd19f0520_NeikiAnalytics.exe
Size

73KB
MD5

6037af823a1f919f4063a3dbd19f0520
SHA1

5539bb4fd3669742f3d01d86127abd0d2bc66295
SHA256

8809dcc4baa2c91036b2a6301bbb452b8c3a1fd41029f4bd4d2fe8c48b81a62d
SHA512

f101c2d20e1cf6405c124b976f6c6a83a33c60b93be2a3ad101b12ecf70ef8ea797ed210d3ff5961247271d3e56d1525dd7c389d343037fc8d330cb6d6b3ea81
SSDEEP

1536:hbYNv0f2k5FKK5QPqfhVWbdsmA+RjPFLC+e5hD0ZGUGf2g:h8Nv0b5FKNPqfcxA+HFshDOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2228	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1048	cmd.exe
1048	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1048	1708	6037af823a1f919f4063a3dbd19f0520_NeikiAnalytics.exe	29
PID 1708 wrote to memory of 1048	1708	6037af823a1f919f4063a3dbd19f0520_NeikiAnalytics.exe	29
PID 1708 wrote to memory of 1048	1708	6037af823a1f919f4063a3dbd19f0520_NeikiAnalytics.exe	29
PID 1708 wrote to memory of 1048	1708	6037af823a1f919f4063a3dbd19f0520_NeikiAnalytics.exe	29
PID 1048 wrote to memory of 2228	1048	cmd.exe	30
PID 1048 wrote to memory of 2228	1048	cmd.exe	30
PID 1048 wrote to memory of 2228	1048	cmd.exe	30
PID 1048 wrote to memory of 2228	1048	cmd.exe	30
PID 2228 wrote to memory of 2252	2228	[email protected]	31
PID 2228 wrote to memory of 2252	2228	[email protected]	31
PID 2228 wrote to memory of 2252	2228	[email protected]	31
PID 2228 wrote to memory of 2252	2228	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\6037af823a1f919f4063a3dbd19f0520_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6037af823a1f919f4063a3dbd19f0520_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1048
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2228
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2252

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
b4b0df88ae098a8b2087c5a5e6c6c21c

SHA1
437d404b3d9f9a5d3ac2b2e07a6ea74195a6d492

SHA256
83898592c6ca8491960862e1d11185313dfe572b6de15fd09c0d83c56a78951b

SHA512
84b9476907ed99b7f9ba9baf34625020c6e9940e4a4a38868966cee3f91654d9d04f6278b96ec0f2e4f23f3f6b3d3b344f7ffafec3bbb392b77f56ceca35235b

Download Submit
memory/1708-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2228-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download