eee6b65b070871009ed648eecef4f14f9990e66288685e46089c801c3eafff65

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 05:17

Target

6611120bc166b7eb2721a023fc90f650_NeikiAnalytics.exe
Size

79KB
MD5

6611120bc166b7eb2721a023fc90f650
SHA1

6048f9146b1c5d80093223f9525577e7fb45f357
SHA256

eee6b65b070871009ed648eecef4f14f9990e66288685e46089c801c3eafff65
SHA512

8dff4e73776004db486bf32206aae809a2cef7cca3d09687a821480fca37308f48932e0e6f3350f638eb32c4c5e611c777813e20be4e6a1b4451bc20750d4958
SSDEEP

1536:zv66mWLYKn8V5JOQA8AkqUhMb2nuy5wgIP0CSJ+5y5B8GMGlZ5G:zv6PsoIGdqU7uy5w9WMy5N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2952	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2840	cmd.exe
2840	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 2840	1108	6611120bc166b7eb2721a023fc90f650_NeikiAnalytics.exe	29
PID 1108 wrote to memory of 2840	1108	6611120bc166b7eb2721a023fc90f650_NeikiAnalytics.exe	29
PID 1108 wrote to memory of 2840	1108	6611120bc166b7eb2721a023fc90f650_NeikiAnalytics.exe	29
PID 1108 wrote to memory of 2840	1108	6611120bc166b7eb2721a023fc90f650_NeikiAnalytics.exe	29
PID 2840 wrote to memory of 2952	2840	cmd.exe	30
PID 2840 wrote to memory of 2952	2840	cmd.exe	30
PID 2840 wrote to memory of 2952	2840	cmd.exe	30
PID 2840 wrote to memory of 2952	2840	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\6611120bc166b7eb2721a023fc90f650_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6611120bc166b7eb2721a023fc90f650_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2952

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
085a7ca1bfe6c15cd4aee684ab53b9ca

SHA1
c12f1a391991fea2f927bd514e0a9d044c6829b5

SHA256
5d0c017fa4dbedc939a4941f1d92bd365b755753456f498bada7659f0eedc921

SHA512
233b8df807fa9bb60af2c81fb9660f087d5ba696177e846e9c5dbb000b507fca2a6a3d8d61a6deabda2c7dc0dd47169efa6d4b561967005368979c60f4d073a0

Download Submit
memory/1108-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2952-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download