7637a87ffc3aa71dcd7809b2acb169dd2fb53c7d5889d506a92b217421430b4f

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 06:54

Target

7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe
Size

79KB
MD5

7bb74497189d4e16c27b570c697c3d40
SHA1

1e9febe8f2086a95334da119a0f3ebeb5db140b8
SHA256

7637a87ffc3aa71dcd7809b2acb169dd2fb53c7d5889d506a92b217421430b4f
SHA512

72771ffe2e9caa6a6c3c5b99a6cb78d1f8e7d2869d649e0296d5d1c5af4348255ac3499a9f26c97051179c22a63afe4e73fda52f16947d23e224b9fcb3a4ac97
SSDEEP

1536:zv3yCHpuHMR5KOQA8AkqUhMb2nuy5wgIP0CSJ+5yVB8GMGlZ5G:zvi0uHM3/GdqU7uy5w9WMyVN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2456	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1016	cmd.exe
1016	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1016	3056	7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1016	3056	7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1016	3056	7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1016	3056	7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe	29
PID 1016 wrote to memory of 2456	1016	cmd.exe	30
PID 1016 wrote to memory of 2456	1016	cmd.exe	30
PID 1016 wrote to memory of 2456	1016	cmd.exe	30
PID 1016 wrote to memory of 2456	1016	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7bb74497189d4e16c27b570c697c3d40_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1016
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2456

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
d1889ebff1cdbd3da1116780cc589e8d

SHA1
286201a7cf75dd805a1240c596da228c4e842cc0

SHA256
3b34cb96054d523417982c196a4ac3a4bd6e1f7aab86cbacae28785f624ea113

SHA512
f1fccfc4c17a858742edc4d232f646feb96cae2038f18f7ee738e137b6c5ca451070c5364c732bfaa9b8434bf24b0a3f473f8dd28d2bf06b561f4b4523038810

Download Submit
memory/2456-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3056-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download