4eac969225e200bdf06a566e34da5a7509c079537bce6516ef165f65c6ba9914

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 00:05

Target

856e409b133964f46a39e0a52b4345b0_NeikiAnalytics.exe
Size

79KB
MD5

856e409b133964f46a39e0a52b4345b0
SHA1

156f326eacfdceb9c7e1352391086c594eb356d4
SHA256

4eac969225e200bdf06a566e34da5a7509c079537bce6516ef165f65c6ba9914
SHA512

fbc954b667911f694ded3966894e0e724abf9ef0c4b33c2895bd926441b3a731ae603d9b6cceb2e81500d0cfb9c5a7e4941e38d2d8aabedfee223b6c6165cdeb
SSDEEP

1536:zv0/yqS3Ns20pxaJOQA8AkqUhMb2nuy5wgIP0CSJ+5y6SB8GMGlZ5G:zv0/yF2dkIGdqU7uy5w9WMyLN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2208	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2204	cmd.exe
2204	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2204	2404	856e409b133964f46a39e0a52b4345b0_NeikiAnalytics.exe	29
PID 2404 wrote to memory of 2204	2404	856e409b133964f46a39e0a52b4345b0_NeikiAnalytics.exe	29
PID 2404 wrote to memory of 2204	2404	856e409b133964f46a39e0a52b4345b0_NeikiAnalytics.exe	29
PID 2404 wrote to memory of 2204	2404	856e409b133964f46a39e0a52b4345b0_NeikiAnalytics.exe	29
PID 2204 wrote to memory of 2208	2204	cmd.exe	30
PID 2204 wrote to memory of 2208	2204	cmd.exe	30
PID 2204 wrote to memory of 2208	2204	cmd.exe	30
PID 2204 wrote to memory of 2208	2204	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\856e409b133964f46a39e0a52b4345b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\856e409b133964f46a39e0a52b4345b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2204
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2208

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6294d61778cc443e2c41e1b9b8c4100a

SHA1
fbd62cf7110924921819bcf93b3ffe84a50aa617

SHA256
412a98bf60078726dda0cacec40dba6e44bd6b0f3c2c28d9042dec2b9bb2820d

SHA512
1633b882611820e1004a500a8e88105230119c3efab47c8c70b6add614775ffcca64c17beaf01d0b09d16ee3209744dca50c1d8a1d0f90af0324d5633070351b

Download Submit
memory/2208-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2404-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download