b02b590751ad234ef8620ac6a00f8a3f9aed7efdc2ebedca5ea63b593f72e8c7

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 05:53

Target

79c5baed8cb09a19e1358a80a21fb010_NeikiAnalytics.exe
Size

79KB
MD5

79c5baed8cb09a19e1358a80a21fb010
SHA1

760ae7df0ce2df88c7aaf837d970bfe34a330afa
SHA256

b02b590751ad234ef8620ac6a00f8a3f9aed7efdc2ebedca5ea63b593f72e8c7
SHA512

2e3f1b4aa708b1e23139ea9116d9a7b273b9372d915e4aafb1edd89df2db70b76a29f243ede4b5e1aa6c3d2fb825479aa205b56d9bf396034866cedd7d9cd419
SSDEEP

1536:zvqrRgojWFT+eDOQA8AkqUhMb2nuy5wgIP0CSJ+5y0B8GMGlZ5G:zvCRkFT3iGdqU7uy5w9WMy0N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3036	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2660	cmd.exe
2660	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2660	2400	79c5baed8cb09a19e1358a80a21fb010_NeikiAnalytics.exe	29
PID 2400 wrote to memory of 2660	2400	79c5baed8cb09a19e1358a80a21fb010_NeikiAnalytics.exe	29
PID 2400 wrote to memory of 2660	2400	79c5baed8cb09a19e1358a80a21fb010_NeikiAnalytics.exe	29
PID 2400 wrote to memory of 2660	2400	79c5baed8cb09a19e1358a80a21fb010_NeikiAnalytics.exe	29
PID 2660 wrote to memory of 3036	2660	cmd.exe	30
PID 2660 wrote to memory of 3036	2660	cmd.exe	30
PID 2660 wrote to memory of 3036	2660	cmd.exe	30
PID 2660 wrote to memory of 3036	2660	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\79c5baed8cb09a19e1358a80a21fb010_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\79c5baed8cb09a19e1358a80a21fb010_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3036

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
dd14f1a0148ba1aadf25c3f6f382cf76

SHA1
a802b65aea13d10a08a29b8211658e33283d6a5e

SHA256
a46fab5d0431c5c420d0f63efbb1d67cca41a88a5ecc8f026053bc6eb97507e1

SHA512
c4118ca14aa0d2dfe39c0a70d39ff12accb5669c80e9bfd6d075f1c66cb7e9da15249a1db0af43ee535f47e3eed34a2825b3e5b1a1b7dc8d79d54b934feb98f0

Download Submit
memory/2400-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3036-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download