020eed16adcafdc0bf469d8870066036df98cc196728b22a1209e7f6957b5e4e

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 07:17

Target

7c713e5ac90ce820fe853e9520c8a360_NeikiAnalytics.exe
Size

79KB
MD5

7c713e5ac90ce820fe853e9520c8a360
SHA1

56d41ae1c62ee366070a0a8dd7f04fb13811e221
SHA256

020eed16adcafdc0bf469d8870066036df98cc196728b22a1209e7f6957b5e4e
SHA512

23990f64610b4728622618b443477e51e244c727ac1bef1edaed31f423cd15a52acb4d347c214170cd397eed5f0d1de9d1b17ce2cff5d8bd4098b524e903f91d
SSDEEP

1536:zvzay1pd0LctWUOQA8AkqUhMb2nuy5wgIP0CSJ+5yGB8GMGlZ5G:zvzPOxRGdqU7uy5w9WMyGN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2760	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2656	cmd.exe
2656	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 2656	1276	7c713e5ac90ce820fe853e9520c8a360_NeikiAnalytics.exe	29
PID 1276 wrote to memory of 2656	1276	7c713e5ac90ce820fe853e9520c8a360_NeikiAnalytics.exe	29
PID 1276 wrote to memory of 2656	1276	7c713e5ac90ce820fe853e9520c8a360_NeikiAnalytics.exe	29
PID 1276 wrote to memory of 2656	1276	7c713e5ac90ce820fe853e9520c8a360_NeikiAnalytics.exe	29
PID 2656 wrote to memory of 2760	2656	cmd.exe	30
PID 2656 wrote to memory of 2760	2656	cmd.exe	30
PID 2656 wrote to memory of 2760	2656	cmd.exe	30
PID 2656 wrote to memory of 2760	2656	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\7c713e5ac90ce820fe853e9520c8a360_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7c713e5ac90ce820fe853e9520c8a360_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2760

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
4789894241e13fbba316ac1c453dfcba

SHA1
54119062ef5d4bf29f0fa4a743d784c004d578ce

SHA256
6f4ffdef1e418e08f1833ec4b5894b6453e327cb4b40986aa3af4558d77e1825

SHA512
00b9b782d7017c9b8cb2885b0a3584efe8b21457ea5f61d18fdf0a7143497968640ca4029e3949d0ef3ffca88ee9ca5026ead4e11141f5c17b9153a325284a23

Download Submit
memory/1276-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2760-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download