ad34db174668d9cb03cdedf4c4c4e3fea77cfabd912b409e748862d68559869c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 02:55

Target

617bdbfbc8cd28c5ab40d2ac39d881c0_NeikiAnalytics.exe
Size

79KB
MD5

617bdbfbc8cd28c5ab40d2ac39d881c0
SHA1

ac89f6a7c150795b7d36420bc257a076da09ac28
SHA256

ad34db174668d9cb03cdedf4c4c4e3fea77cfabd912b409e748862d68559869c
SHA512

2e39eceb884573114c5feee474f3b0027bcf1ddaecb32883b43369203c4c2cacf0119205efccf862e8a6b9dad18f1dbf62a3ba6cd0ca642a7bc578697416aa17
SSDEEP

1536:zv5cWytItg2ofHVNz8rsOQA8AkqUhMb2nuy5wgIP0CSJ+5y3B8GMGlZ5G:zvWeu2vGdqU7uy5w9WMy3N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2480	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2788	cmd.exe
2788	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2788	2908	617bdbfbc8cd28c5ab40d2ac39d881c0_NeikiAnalytics.exe	29
PID 2908 wrote to memory of 2788	2908	617bdbfbc8cd28c5ab40d2ac39d881c0_NeikiAnalytics.exe	29
PID 2908 wrote to memory of 2788	2908	617bdbfbc8cd28c5ab40d2ac39d881c0_NeikiAnalytics.exe	29
PID 2908 wrote to memory of 2788	2908	617bdbfbc8cd28c5ab40d2ac39d881c0_NeikiAnalytics.exe	29
PID 2788 wrote to memory of 2480	2788	cmd.exe	30
PID 2788 wrote to memory of 2480	2788	cmd.exe	30
PID 2788 wrote to memory of 2480	2788	cmd.exe	30
PID 2788 wrote to memory of 2480	2788	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\617bdbfbc8cd28c5ab40d2ac39d881c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\617bdbfbc8cd28c5ab40d2ac39d881c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2480

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
cbe1c9b5d2ed91e74b6e5c40ea34c740

SHA1
e993f73975f9fd17641e0cd521c30dd1fcfdaf8e

SHA256
69e7c1add41af022242710bcc96dcd54f41eb9b541684b008128f00df09bb852

SHA512
eebe816c03e0fca8d13cb6a83197d1f27f4f320ad276895d6753d4ca9d3c6f3cf2daac78d743d181611491fa31a4e928dc4c558e61cafb95780f689bc075998e

Download Submit
memory/2480-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2908-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download