d5ad59ae55db78ecc67be3b28a922bebe246414c4bd5432b1f99584413d07ae5

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 03:57

Target

6361fe309de1f5af3a7eda443d6d3a60_NeikiAnalytics.exe
Size

79KB
MD5

6361fe309de1f5af3a7eda443d6d3a60
SHA1

e1ea9501fd9cb69329d74f50993d051f0a65e766
SHA256

d5ad59ae55db78ecc67be3b28a922bebe246414c4bd5432b1f99584413d07ae5
SHA512

d27bd7266f4925cd2068f1b49a73eb5d118ce20a1718661f1a193a2c0bc604a6d43d80b36b4db4756bc66b62a2381e068dd836144ed70f7f53efdd6bf992b5e9
SSDEEP

1536:zvsva71+WE0bxOQA8AkqUhMb2nuy5wgIP0CSJ+5yVtB8GMGlZ5G:zv1/rEGdqU7uy5w9WMyzN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1776	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2872	cmd.exe
2872	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 2872	1400	6361fe309de1f5af3a7eda443d6d3a60_NeikiAnalytics.exe	29
PID 1400 wrote to memory of 2872	1400	6361fe309de1f5af3a7eda443d6d3a60_NeikiAnalytics.exe	29
PID 1400 wrote to memory of 2872	1400	6361fe309de1f5af3a7eda443d6d3a60_NeikiAnalytics.exe	29
PID 1400 wrote to memory of 2872	1400	6361fe309de1f5af3a7eda443d6d3a60_NeikiAnalytics.exe	29
PID 2872 wrote to memory of 1776	2872	cmd.exe	30
PID 2872 wrote to memory of 1776	2872	cmd.exe	30
PID 2872 wrote to memory of 1776	2872	cmd.exe	30
PID 2872 wrote to memory of 1776	2872	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\6361fe309de1f5af3a7eda443d6d3a60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6361fe309de1f5af3a7eda443d6d3a60_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1776

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
f99c0eb5cf40bfff0d6d4996571a46b7

SHA1
8328ff21d249b9bec28a6689620ce69070049ef2

SHA256
7197d7fdf208a6eaab53704d90a3fe28c76712697e433cb57e2a2af8a8d28814

SHA512
d1cb19fc967bcde5893dcab616fcbcea2b74e458a3858cce31b7477ea1bc928671ef945ffe7e5bd53d7990f4410f5a7ac00e311963c3c76fc49af800d63938db

Download Submit
memory/1400-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1776-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download