a8d1a4a57d5099a3f2920079c295fb1024016dffc1c8999cf67cfad3d7b5100b

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 06:07

Target

7a25b9832af3308baef37e945648e8f0_NeikiAnalytics.exe
Size

79KB
MD5

7a25b9832af3308baef37e945648e8f0
SHA1

d3269891e0087ad3aa62387ffe19ca96d1e6767c
SHA256

a8d1a4a57d5099a3f2920079c295fb1024016dffc1c8999cf67cfad3d7b5100b
SHA512

e562b949207eb25cebc05449278e11559cd5d6df7b419c001db7b3d7d3e809036d071689088df239c6e212d102ca291a699d483b63817400f713364ab4cce487
SSDEEP

1536:zvqdANke+cTyY27OQA8AkqUhMb2nuy5wgIP0CSJ+5ywB8GMGlZ5G:zvqSye+ElGdqU7uy5w9WMywN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3032	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2552	cmd.exe
2552	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2552	3024	7a25b9832af3308baef37e945648e8f0_NeikiAnalytics.exe	29
PID 3024 wrote to memory of 2552	3024	7a25b9832af3308baef37e945648e8f0_NeikiAnalytics.exe	29
PID 3024 wrote to memory of 2552	3024	7a25b9832af3308baef37e945648e8f0_NeikiAnalytics.exe	29
PID 3024 wrote to memory of 2552	3024	7a25b9832af3308baef37e945648e8f0_NeikiAnalytics.exe	29
PID 2552 wrote to memory of 3032	2552	cmd.exe	30
PID 2552 wrote to memory of 3032	2552	cmd.exe	30
PID 2552 wrote to memory of 3032	2552	cmd.exe	30
PID 2552 wrote to memory of 3032	2552	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\7a25b9832af3308baef37e945648e8f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7a25b9832af3308baef37e945648e8f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3032

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
7bac91fa6f96e5299465a1877f6903b7

SHA1
cbfd16205c62c88dde85345df63295ff47b7378c

SHA256
ee7aa3885831ceb505d044779822f19ab5c82378d234dd3df597d4c132b79b54

SHA512
be10845bb063c1d0356864fc1a6fdff6bce3e27f55608dda2b1076fabddb41f730f8a172dc2c5159d9cc6b5d802398f4c487a6ef64295ae19a4faca0490364ae

Download Submit
memory/3024-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3032-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download