372ec271d098e670bf02ecb58e8b1a7393eb22cfdd721bf80b34a6539ae61918

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 07:00

Target

695b493eab27e2798ab8f566e74dd3b0_NeikiAnalytics.exe
Size

79KB
MD5

695b493eab27e2798ab8f566e74dd3b0
SHA1

f52d4439ec684d6e2938756672a3aa16417d065d
SHA256

372ec271d098e670bf02ecb58e8b1a7393eb22cfdd721bf80b34a6539ae61918
SHA512

92a08187c1f78439b17420e34dd1b2afaea6399d831695cb9966436bacba5cb8e7df9d24ba3c714fa9d2aff35291e9108977a6f792aee0e24822bcce0892d399
SSDEEP

1536:zvNY1FBub1Ht0OQA8AkqUhMb2nuy5wgIP0CSJ+5yqB8GMGlZ5G:zvNQFexGdqU7uy5w9WMyqN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1316	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1788	cmd.exe
1788	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 1788	2088	695b493eab27e2798ab8f566e74dd3b0_NeikiAnalytics.exe	29
PID 2088 wrote to memory of 1788	2088	695b493eab27e2798ab8f566e74dd3b0_NeikiAnalytics.exe	29
PID 2088 wrote to memory of 1788	2088	695b493eab27e2798ab8f566e74dd3b0_NeikiAnalytics.exe	29
PID 2088 wrote to memory of 1788	2088	695b493eab27e2798ab8f566e74dd3b0_NeikiAnalytics.exe	29
PID 1788 wrote to memory of 1316	1788	cmd.exe	30
PID 1788 wrote to memory of 1316	1788	cmd.exe	30
PID 1788 wrote to memory of 1316	1788	cmd.exe	30
PID 1788 wrote to memory of 1316	1788	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\695b493eab27e2798ab8f566e74dd3b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\695b493eab27e2798ab8f566e74dd3b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1788
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1316

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
483c11926e0c56aac6a79b586e39ef6c

SHA1
ff7efe8023c484bffe4616d9af9a7d0bd1d77eb0

SHA256
1b6c2fc5c62873e7b041e34c760581148573a0065b811cdcabaaa107d31e52f9

SHA512
7801a480ced7c154892de5ead95f30fd86be8c89cdacaf755253903df344f4125f2c64f0f17f1b44aa9edc02481a1987f8ab4569a327fc7ea37839c27800f5d5

Download Submit
memory/1316-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2088-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download