9e0c642b3c45fe10ab87168f6c4db7dc272354211ac029948d95bfa3691fe1d6

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 22:45

Target

82d22a17e469d65303699b4aa2667c50_NeikiAnalytics.exe
Size

79KB
MD5

82d22a17e469d65303699b4aa2667c50
SHA1

c97977e2f167466c4c8894681d689bddaaf38eb6
SHA256

9e0c642b3c45fe10ab87168f6c4db7dc272354211ac029948d95bfa3691fe1d6
SHA512

931021f819fce4de464d52c6d8f59063aef2fafdcff82b44c48fd8b12b3f4dc28782f1097805556cad0fdd9b0e8c79a2d05d5cc44a504ed98084480874f89f90
SSDEEP

1536:zvNCFFFj+rLmZkAelOQA8AkqUhMb2nuy5wgIP0CSJ+5ytbB8GMGlZ5G:zvEFFFj+rLokALGdqU7uy5w9WMytbN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2188	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1664	cmd.exe
1664	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 1664	1244	82d22a17e469d65303699b4aa2667c50_NeikiAnalytics.exe	29
PID 1244 wrote to memory of 1664	1244	82d22a17e469d65303699b4aa2667c50_NeikiAnalytics.exe	29
PID 1244 wrote to memory of 1664	1244	82d22a17e469d65303699b4aa2667c50_NeikiAnalytics.exe	29
PID 1244 wrote to memory of 1664	1244	82d22a17e469d65303699b4aa2667c50_NeikiAnalytics.exe	29
PID 1664 wrote to memory of 2188	1664	cmd.exe	30
PID 1664 wrote to memory of 2188	1664	cmd.exe	30
PID 1664 wrote to memory of 2188	1664	cmd.exe	30
PID 1664 wrote to memory of 2188	1664	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\82d22a17e469d65303699b4aa2667c50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\82d22a17e469d65303699b4aa2667c50_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1664
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2188

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
37b324a599668b60a5644b4f60bceca6

SHA1
30f680281dc66be0ce94a25eff7d33bd50f5c330

SHA256
a2484be16ccc294cb66ce016baae0749338bef990638073d41ab0b891127bf6e

SHA512
49d317853ebfd70f1a4386c7eef54863fac8c808a5f3765839e71a9c341bf809e3f652778660cf1fc5836d4606d889f460ad8163557f3b18265f8947ee77d181

Download Submit
memory/1244-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2188-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download