548cf75e7abfb400bbf05576fe0d1c65234c3aaa2210607705338e5623f897ae

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 22:20

Target

820e52d1d10c5b9e6d1fe30b3ee0ab70_NeikiAnalytics.exe
Size

79KB
MD5

820e52d1d10c5b9e6d1fe30b3ee0ab70
SHA1

e9c3ec2956b55702ea4bfb589ea2bed3f03dd9c6
SHA256

548cf75e7abfb400bbf05576fe0d1c65234c3aaa2210607705338e5623f897ae
SHA512

56158135838260f1b571717c86e96b83918beed051baf09b71083a9e72fffb30c4a01ac1728f9356dd3c06a89c4fb6b6710f63064d295bdc3d9a9e70ef2953bd
SSDEEP

1536:zvpe1QMQ+OQA8AkqUhMb2nuy5wgIP0CSJ+5y8B8GMGlZ5G:zvpe1crGdqU7uy5w9WMy8N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2860	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2512	cmd.exe
2512	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 2512	1036	820e52d1d10c5b9e6d1fe30b3ee0ab70_NeikiAnalytics.exe	29
PID 1036 wrote to memory of 2512	1036	820e52d1d10c5b9e6d1fe30b3ee0ab70_NeikiAnalytics.exe	29
PID 1036 wrote to memory of 2512	1036	820e52d1d10c5b9e6d1fe30b3ee0ab70_NeikiAnalytics.exe	29
PID 1036 wrote to memory of 2512	1036	820e52d1d10c5b9e6d1fe30b3ee0ab70_NeikiAnalytics.exe	29
PID 2512 wrote to memory of 2860	2512	cmd.exe	30
PID 2512 wrote to memory of 2860	2512	cmd.exe	30
PID 2512 wrote to memory of 2860	2512	cmd.exe	30
PID 2512 wrote to memory of 2860	2512	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\820e52d1d10c5b9e6d1fe30b3ee0ab70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\820e52d1d10c5b9e6d1fe30b3ee0ab70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2512
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2860

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d0cac962c9ccca6c67893016e740c16f

SHA1
da82fc95e07cb7cd16b868529a2beec9874329c6

SHA256
aea8e70dff06e273d7f7f344b4964d6aae81d60327c6ccc66a6335b605bc1c1e

SHA512
e5e858123db8c532583a62e1970b423f996bdb9067bd83033a705349f5222990d1717a881af121a9f98422314919ec92ca9ec0563dbe67cb5c21fdccc39c3b4e

Download Submit
memory/1036-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2860-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download