9618fd28a269647a8b8c17309280bf11bf108f4822dd97c6ba3eb6d7a6ee8b43

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 20:53

Target

7f4c364801dadb087283641f67f4bb90_NeikiAnalytics.exe
Size

79KB
MD5

7f4c364801dadb087283641f67f4bb90
SHA1

5d9284064a32f7323007c72ad51973f459fe6847
SHA256

9618fd28a269647a8b8c17309280bf11bf108f4822dd97c6ba3eb6d7a6ee8b43
SHA512

cfffb978ab3e537145ec534e54e44c5e4c6b794034cc09e4af69437b5bae541a56cca2130db8987b29ff0849cd50daec62500db4b5375066f493f19dfc0f61b1
SSDEEP

1536:zvbZO81pu5NlIOQA8AkqUhMb2nuy5wgIP0CSJ+5y4B8GMGlZ5G:zv9OmI5rNGdqU7uy5w9WMy4N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2860	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2844	cmd.exe
2844	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2844	1888	7f4c364801dadb087283641f67f4bb90_NeikiAnalytics.exe	29
PID 1888 wrote to memory of 2844	1888	7f4c364801dadb087283641f67f4bb90_NeikiAnalytics.exe	29
PID 1888 wrote to memory of 2844	1888	7f4c364801dadb087283641f67f4bb90_NeikiAnalytics.exe	29
PID 1888 wrote to memory of 2844	1888	7f4c364801dadb087283641f67f4bb90_NeikiAnalytics.exe	29
PID 2844 wrote to memory of 2860	2844	cmd.exe	30
PID 2844 wrote to memory of 2860	2844	cmd.exe	30
PID 2844 wrote to memory of 2860	2844	cmd.exe	30
PID 2844 wrote to memory of 2860	2844	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\7f4c364801dadb087283641f67f4bb90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7f4c364801dadb087283641f67f4bb90_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2860

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
941e1a0a323a9600490fa034a3da7453

SHA1
984b1581d3f287a2416790f3e1af6821c65c5eca

SHA256
c35e8117a392224ca1221cf3405f03cab24407bac71a1c7849c6ec4489b7e7e4

SHA512
b280f37b75e0b995749bab657eadeef3519cbb5b807cb4d008c790245bc62db50299c5e4e146e01a8b133072cfe01d204e6af2910631b66f52d2fd3ea86d4be6

Download Submit
memory/1888-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2860-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download