29da22b16a9e125bb39349b8158b0967ed79574c2e94d79850526c899b679e3a

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 01:39

Target

888807bfe4da4cffc99adb9ee6882b50_NeikiAnalytics.exe
Size

79KB
MD5

888807bfe4da4cffc99adb9ee6882b50
SHA1

3ccb5d9c792ded693c61660cdf112bd81ac760f4
SHA256

29da22b16a9e125bb39349b8158b0967ed79574c2e94d79850526c899b679e3a
SHA512

16a70fe9a10b33d8cbb2590d126205a28c1e4fe11658a56202ff80f0464cf88f07dd33e60798fb501186d942b3a0b570dd2b65f9ec10bf0b4bb8b6b2f7bbd4b6
SSDEEP

1536:zvE5G5t11t9aOQA8AkqUhMb2nuy5wgIP0CSJ+5y7B8GMGlZ5G:zvH5VtBGdqU7uy5w9WMy7N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2428	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1964	cmd.exe
1964	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 1964	2408	888807bfe4da4cffc99adb9ee6882b50_NeikiAnalytics.exe	29
PID 2408 wrote to memory of 1964	2408	888807bfe4da4cffc99adb9ee6882b50_NeikiAnalytics.exe	29
PID 2408 wrote to memory of 1964	2408	888807bfe4da4cffc99adb9ee6882b50_NeikiAnalytics.exe	29
PID 2408 wrote to memory of 1964	2408	888807bfe4da4cffc99adb9ee6882b50_NeikiAnalytics.exe	29
PID 1964 wrote to memory of 2428	1964	cmd.exe	30
PID 1964 wrote to memory of 2428	1964	cmd.exe	30
PID 1964 wrote to memory of 2428	1964	cmd.exe	30
PID 1964 wrote to memory of 2428	1964	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\888807bfe4da4cffc99adb9ee6882b50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\888807bfe4da4cffc99adb9ee6882b50_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2428

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
e0c02d43a5a2309d36f7daac47cf6183

SHA1
a2c03f6ce8aa2284137f05c43d3f091dc5ab0c85

SHA256
51055b221bee84ad7f1a87dbe2da7551f3c74664e49b01e173477ba80cfb73f4

SHA512
948f677d4e335c5a56ffacd018c0de2389ea3a0a567bf4da19888fd86ddfed3bf54c0d9d440cf9f31bdd4a6a2e297e510c4fe879a9605c47088fdb651c9582f4

Download Submit
memory/2408-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2428-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download