ab70746dd599500c2eaa786c7a318be220dd25aeeab072929a9b5c46a3a06c69

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 01:07

Target

709dcd0e8402205eb2afbbc7f04f8000_NeikiAnalytics.exe
Size

79KB
MD5

709dcd0e8402205eb2afbbc7f04f8000
SHA1

07e2ab27a0313739af9d9102a31101fd0f67c200
SHA256

ab70746dd599500c2eaa786c7a318be220dd25aeeab072929a9b5c46a3a06c69
SHA512

aba73bd35dc1f243c1599bc3a0737399ea6d931db244ddbd10db592f4ca3255e6308f56324c07a3b79173cc5108057db7b1560650ec035a3221514878944da90
SSDEEP

1536:zvlhoiHiPFWDJOQA8AkqUhMb2nuy5wgIP0CSJ+5ylB8GMGlZ5G:zvVCd/GdqU7uy5w9WMylN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2180	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2036	cmd.exe
2036	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2036	1708	709dcd0e8402205eb2afbbc7f04f8000_NeikiAnalytics.exe	29
PID 1708 wrote to memory of 2036	1708	709dcd0e8402205eb2afbbc7f04f8000_NeikiAnalytics.exe	29
PID 1708 wrote to memory of 2036	1708	709dcd0e8402205eb2afbbc7f04f8000_NeikiAnalytics.exe	29
PID 1708 wrote to memory of 2036	1708	709dcd0e8402205eb2afbbc7f04f8000_NeikiAnalytics.exe	29
PID 2036 wrote to memory of 2180	2036	cmd.exe	30
PID 2036 wrote to memory of 2180	2036	cmd.exe	30
PID 2036 wrote to memory of 2180	2036	cmd.exe	30
PID 2036 wrote to memory of 2180	2036	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\709dcd0e8402205eb2afbbc7f04f8000_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\709dcd0e8402205eb2afbbc7f04f8000_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2180

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e64131c1ed84173cbe7747f3af2fd12a

SHA1
f89cca9b4690e9294cad44611e4bbef4145e1a16

SHA256
bfdace9765433ca47912a1154df8b30bd94959b7847f9ec65c736b65239a0085

SHA512
5670e7843e2383bbe6c0808954204a7f4a86345e79a7b6bfca8dd0c0b6cddfedd0b61e29558117836eb4cbd58a94094e7f665ab62a1cd1c1ceb534f1536f596e

Download Submit
memory/1708-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2180-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download