e80cba7434de6e8c6bd678e24743477a250ffaa114d6d39106a117697cf6c07c

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 05:18

Target

78bc36319fe8ef1cfb254389d6a4d9b0_NeikiAnalytics.exe
Size

79KB
MD5

78bc36319fe8ef1cfb254389d6a4d9b0
SHA1

ea844233873498067428f76304a43a9dc33b994e
SHA256

e80cba7434de6e8c6bd678e24743477a250ffaa114d6d39106a117697cf6c07c
SHA512

5dc1e2e4324ef718f59c1f7805be8b0165f6679f6ff79dbcf9c132a566a9a02674aa9ededdfbc4fd58f51c7f9ee70d7e13fe5524c363354ad11f81301da01110
SSDEEP

1536:zvxVqtwKOQA8AkqUhMb2nuy5wgIP0CSJ+5ynaB8GMGlZ5G:zvX/GdqU7uy5w9WMyaN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2988	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2300	cmd.exe
2300	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2300	2932	78bc36319fe8ef1cfb254389d6a4d9b0_NeikiAnalytics.exe	29
PID 2932 wrote to memory of 2300	2932	78bc36319fe8ef1cfb254389d6a4d9b0_NeikiAnalytics.exe	29
PID 2932 wrote to memory of 2300	2932	78bc36319fe8ef1cfb254389d6a4d9b0_NeikiAnalytics.exe	29
PID 2932 wrote to memory of 2300	2932	78bc36319fe8ef1cfb254389d6a4d9b0_NeikiAnalytics.exe	29
PID 2300 wrote to memory of 2988	2300	cmd.exe	30
PID 2300 wrote to memory of 2988	2300	cmd.exe	30
PID 2300 wrote to memory of 2988	2300	cmd.exe	30
PID 2300 wrote to memory of 2988	2300	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\78bc36319fe8ef1cfb254389d6a4d9b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\78bc36319fe8ef1cfb254389d6a4d9b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2988

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3b3114bcb99e12373761c6bd1ea071d8

SHA1
e359e6cd983339dc4613838a75f407cf439afa6a

SHA256
84c91d792ee218731628a086283450ff940111ae5e648eed6c27e9189dc4a431

SHA512
fe4ef62ed5f157e42c27a99bcb314895c3371cb4888911f39ee233abc131f5fc40005badeb74920cf2b59b78a7b32b9bf561b94acf51cd76b9f6bfdbfaba7885

Download Submit
memory/2932-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2988-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download