1e5d3ab16d3ce2aae7a5d19b6bf38853ca4b18df3411b79d2edc4820c2311a7f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 04:31

Target

77430842f979ff78a2c9c1e15ea26070_NeikiAnalytics.exe
Size

79KB
MD5

77430842f979ff78a2c9c1e15ea26070
SHA1

df36d0e3b4a302a33ddc4dbba231658648efda46
SHA256

1e5d3ab16d3ce2aae7a5d19b6bf38853ca4b18df3411b79d2edc4820c2311a7f
SHA512

055f5d2df884b3114500677a5c5652783c8be4c010f361876bc4a9e9883731aed6c227635eaedb247883130275dd8d4730c6bc7bc372338fc4039d36b817ec49
SSDEEP

1536:zvOu444kuX3UFPRWqykfOQA8AkqUhMb2nuy5wgIP0CSJ+5yStB8GMGlZ5G:zvp4449X+pJWGdqU7uy5w9WMyaN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3000	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3004	cmd.exe
3004	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 3004	2136	77430842f979ff78a2c9c1e15ea26070_NeikiAnalytics.exe	29
PID 2136 wrote to memory of 3004	2136	77430842f979ff78a2c9c1e15ea26070_NeikiAnalytics.exe	29
PID 2136 wrote to memory of 3004	2136	77430842f979ff78a2c9c1e15ea26070_NeikiAnalytics.exe	29
PID 2136 wrote to memory of 3004	2136	77430842f979ff78a2c9c1e15ea26070_NeikiAnalytics.exe	29
PID 3004 wrote to memory of 3000	3004	cmd.exe	30
PID 3004 wrote to memory of 3000	3004	cmd.exe	30
PID 3004 wrote to memory of 3000	3004	cmd.exe	30
PID 3004 wrote to memory of 3000	3004	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\77430842f979ff78a2c9c1e15ea26070_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\77430842f979ff78a2c9c1e15ea26070_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3000

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
2231ba6dd1c200708b9c7b7ddfbebad9

SHA1
4b06e5a930598d43bff119c786cabc6df5aaac90

SHA256
8f691d16f2997bce07ab61655b16a0411742b92157b566617103ec268f1d81ca

SHA512
413807e124048ec3f737d1ca64353fff45195d94d171ce59b09101ba375e19cf875a236af0b27e72adfa1cc1af94b572a15f70ad118929418451e36ed968411b

Download Submit
memory/2136-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3000-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download