e973ba67eb65eb806141bb90ed9bb44933fdb54e2fd9ce17c8bb00bb702e433f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 06:26

Target

7abbfc4e7ac5288d96016a95ffdf7e00_NeikiAnalytics.exe
Size

79KB
MD5

7abbfc4e7ac5288d96016a95ffdf7e00
SHA1

734e10cd3d19edac3589e478f97a0075dea6b526
SHA256

e973ba67eb65eb806141bb90ed9bb44933fdb54e2fd9ce17c8bb00bb702e433f
SHA512

da1cce3cd38523bd9611fcf7e36a9d41a4929b1015690e2de0b94e25b85408ed4a54374c574da500dc0a5bea5a970e5d47b38b67b156b098f40fd113f4e2cb78
SSDEEP

1536:zvXvQ623RLlw9AQrOQA8AkqUhMb2nuy5wgIP0CSJ+5yhB8GMGlZ5G:zv/q3RL69uGdqU7uy5w9WMyhN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2924	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3068	cmd.exe
3068	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 3068	2988	7abbfc4e7ac5288d96016a95ffdf7e00_NeikiAnalytics.exe	29
PID 2988 wrote to memory of 3068	2988	7abbfc4e7ac5288d96016a95ffdf7e00_NeikiAnalytics.exe	29
PID 2988 wrote to memory of 3068	2988	7abbfc4e7ac5288d96016a95ffdf7e00_NeikiAnalytics.exe	29
PID 2988 wrote to memory of 3068	2988	7abbfc4e7ac5288d96016a95ffdf7e00_NeikiAnalytics.exe	29
PID 3068 wrote to memory of 2924	3068	cmd.exe	30
PID 3068 wrote to memory of 2924	3068	cmd.exe	30
PID 3068 wrote to memory of 2924	3068	cmd.exe	30
PID 3068 wrote to memory of 2924	3068	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\7abbfc4e7ac5288d96016a95ffdf7e00_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7abbfc4e7ac5288d96016a95ffdf7e00_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2924

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
c3ed5a29bd6d43207df740ac38d512d9

SHA1
fd9d43bda7f7b3f0e0817ca8f6d7e4c0975402bd

SHA256
925c052c54cb7b51c48183331387670c0c8d1d9c6a2647e2a0d68a2ac0cefd05

SHA512
7a5ca2f430ea8a46eb1cacbb73cc428af1eb53c347cb6bbc09f9d464f84a3b026b947314c18b5190a3903666e63f56f9990d0ce48c0478f1f65a00fb7036d935

Download Submit
memory/2924-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2988-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download