67b86711975b5435c08a96843da212088670d418763d6a2f5cfc22a1c9339b19

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 01:00

Target

8735277addb9a0ad4918556fd51ab0b0_NeikiAnalytics.exe
Size

79KB
MD5

8735277addb9a0ad4918556fd51ab0b0
SHA1

944328ca979d4253e39021d7f087f412827a0ae6
SHA256

67b86711975b5435c08a96843da212088670d418763d6a2f5cfc22a1c9339b19
SHA512

f87d4a513524183980afaf20be441637ef00224f2d8d3d336b4cc2498341840234882b7d52fa5832b12110deee10fbbf042452d3de3cc206d2c249d67c039bf1
SSDEEP

1536:zvGhT4Toco3pHOQA8AkqUhMb2nuy5wgIP0CSJ+5y1BB8GMGlZ5G:zvMZcypuGdqU7uy5w9WMy7N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2148	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1316	cmd.exe
1316	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 1316	1284	8735277addb9a0ad4918556fd51ab0b0_NeikiAnalytics.exe	29
PID 1284 wrote to memory of 1316	1284	8735277addb9a0ad4918556fd51ab0b0_NeikiAnalytics.exe	29
PID 1284 wrote to memory of 1316	1284	8735277addb9a0ad4918556fd51ab0b0_NeikiAnalytics.exe	29
PID 1284 wrote to memory of 1316	1284	8735277addb9a0ad4918556fd51ab0b0_NeikiAnalytics.exe	29
PID 1316 wrote to memory of 2148	1316	cmd.exe	30
PID 1316 wrote to memory of 2148	1316	cmd.exe	30
PID 1316 wrote to memory of 2148	1316	cmd.exe	30
PID 1316 wrote to memory of 2148	1316	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\8735277addb9a0ad4918556fd51ab0b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8735277addb9a0ad4918556fd51ab0b0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1316
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2148

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
60ed594271b7c938c4e90d7d4342e2d9

SHA1
25a3c0cd38041f805a8965e6bee69a941f45c66b

SHA256
75a432c61acf130fec16bbce9625644e43b4c56dbf212121fe55a8e960d3c3ff

SHA512
65246b89397fcaf9ca6e7f5a4f017ae6e0db7425d96bc9ff140447fc2825081af2f3e388dcb85f7d30ccb6dd6780c12f69baf4b00559af22172c68930b6e5bef

Download Submit
memory/1284-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2148-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download