249f7ef3fc0c1f457d9e857a6d3bd8d967a44d723c7a7d5541fc9c49b8c74588

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 04:35

Target

775acfbae1f55489b106090f08a6e0d0_NeikiAnalytics.exe
Size

79KB
MD5

775acfbae1f55489b106090f08a6e0d0
SHA1

d9b9d885127e6cfd0e3b9ca700a19482991c4dc2
SHA256

249f7ef3fc0c1f457d9e857a6d3bd8d967a44d723c7a7d5541fc9c49b8c74588
SHA512

e08421dcf315f727aeebdb906735b17564ea08c7b3585b5ca9553be247762be210e6109855df123108736be13a89331d7c2b91ee74e9f4ea8dbf958043de61c2
SSDEEP

1536:zv4au8qeCIW7WU8ikh4OQA8AkqUhMb2nuy5wgIP0CSJ+5yN7AB8GMGlZ5G:zvkzvIbHZhdGdqU7uy5w9WMyKN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2956	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2940	cmd.exe
2940	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 2940	1196	775acfbae1f55489b106090f08a6e0d0_NeikiAnalytics.exe	29
PID 1196 wrote to memory of 2940	1196	775acfbae1f55489b106090f08a6e0d0_NeikiAnalytics.exe	29
PID 1196 wrote to memory of 2940	1196	775acfbae1f55489b106090f08a6e0d0_NeikiAnalytics.exe	29
PID 1196 wrote to memory of 2940	1196	775acfbae1f55489b106090f08a6e0d0_NeikiAnalytics.exe	29
PID 2940 wrote to memory of 2956	2940	cmd.exe	30
PID 2940 wrote to memory of 2956	2940	cmd.exe	30
PID 2940 wrote to memory of 2956	2940	cmd.exe	30
PID 2940 wrote to memory of 2956	2940	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\775acfbae1f55489b106090f08a6e0d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\775acfbae1f55489b106090f08a6e0d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2956

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
772d4f3e40a3c69ac2ffeecf10446cb0

SHA1
0710612e7da0fba3ad27ef7f964207b700765490

SHA256
a269825b94e3d4df3ec5221282cd89ac59d4b35648cb84e736dcea2dafd148cc

SHA512
327f214a9135d736eeacf2e63175033cc5f7a22262a03d62f40fc1aba866f1c4bac1e4537456591bf473065d6be111542c78fc90497457cc641be2966d75a94c

Download Submit
memory/1196-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2956-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download