e86780f820e0c014fd7b458313a7790babbe5749342461d6d2a57629d17c4b08

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 02:36

Target

73b4213d39d9ffe0f1686dcb96f2f850_NeikiAnalytics.exe
Size

79KB
MD5

73b4213d39d9ffe0f1686dcb96f2f850
SHA1

5d7da90af67d49665bd390afcb8f0c42c5066344
SHA256

e86780f820e0c014fd7b458313a7790babbe5749342461d6d2a57629d17c4b08
SHA512

841de81502791aa3eab813b1ca9d5d7b8b8ce86518ea7b5c84180a1d040ca33af762f67cca283b2fb90846484917718faf8eee357aa64197b0fc9b10ff14191b
SSDEEP

1536:zvSKKHfuaJOwqOQA8AkqUhMb2nuy5wgIP0CSJ+5yOB8GMGlZ5G:zviHfuXwfGdqU7uy5w9WMyON5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2192	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2920	cmd.exe
2920	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2920	2064	73b4213d39d9ffe0f1686dcb96f2f850_NeikiAnalytics.exe	29
PID 2064 wrote to memory of 2920	2064	73b4213d39d9ffe0f1686dcb96f2f850_NeikiAnalytics.exe	29
PID 2064 wrote to memory of 2920	2064	73b4213d39d9ffe0f1686dcb96f2f850_NeikiAnalytics.exe	29
PID 2064 wrote to memory of 2920	2064	73b4213d39d9ffe0f1686dcb96f2f850_NeikiAnalytics.exe	29
PID 2920 wrote to memory of 2192	2920	cmd.exe	30
PID 2920 wrote to memory of 2192	2920	cmd.exe	30
PID 2920 wrote to memory of 2192	2920	cmd.exe	30
PID 2920 wrote to memory of 2192	2920	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\73b4213d39d9ffe0f1686dcb96f2f850_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\73b4213d39d9ffe0f1686dcb96f2f850_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2192

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
0c13bdf37b41852cd13862a827332de4

SHA1
45fdd5a4412a5178f8bdad16ca83b0d68b675e8e

SHA256
1c547dee4a1337f129ccae588a1a1ba39eac9e2abf75e8ecd688285d1bd9b8b6

SHA512
afae853e84b7478170874eac3ddc9e9f99128451bb4f5c080531b1f61f3c092a3639a0b3a14346f077e4f752fa8f2a9ce932f2fa7717be31ebf6f6d8c89f0c43

Download Submit
memory/2064-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2192-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download