96b777438a929864d2f9976791083c66e6efa3d07cf6170785af1cddb213ffe6

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 02:18

Target

89bdeb89abd06bd75e11e42cab62e050_NeikiAnalytics.exe
Size

79KB
MD5

89bdeb89abd06bd75e11e42cab62e050
SHA1

729623736006227aeafc9660f4126622f622ba54
SHA256

96b777438a929864d2f9976791083c66e6efa3d07cf6170785af1cddb213ffe6
SHA512

a0c6dbc3935855ebf851b3a41c1f96b1b6382c0c83f3eefe2010db032aa70c859177a6ef84d6ff40ca0ab526475d0d4fdf525ec8a0d1920a563364083260d281
SSDEEP

1536:zvBxiUe6NzJD/KUIxBOQA8AkqUhMb2nuy5wgIP0CSJ+5ycB8GMGlZ5G:zvBxigEU8wGdqU7uy5w9WMycN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1220	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2172	cmd.exe
2172	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2172	1928	89bdeb89abd06bd75e11e42cab62e050_NeikiAnalytics.exe	29
PID 1928 wrote to memory of 2172	1928	89bdeb89abd06bd75e11e42cab62e050_NeikiAnalytics.exe	29
PID 1928 wrote to memory of 2172	1928	89bdeb89abd06bd75e11e42cab62e050_NeikiAnalytics.exe	29
PID 1928 wrote to memory of 2172	1928	89bdeb89abd06bd75e11e42cab62e050_NeikiAnalytics.exe	29
PID 2172 wrote to memory of 1220	2172	cmd.exe	30
PID 2172 wrote to memory of 1220	2172	cmd.exe	30
PID 2172 wrote to memory of 1220	2172	cmd.exe	30
PID 2172 wrote to memory of 1220	2172	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\89bdeb89abd06bd75e11e42cab62e050_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\89bdeb89abd06bd75e11e42cab62e050_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1220

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
3e7358e343bd920af486370ce3b079b3

SHA1
27277bdab026340eae67fdde69ae1f4f049165c5

SHA256
200c410c2129bad593ad2b6c583f1c39feaddc4e1588c7b650e073c75a0d5d2c

SHA512
ac36955168fa5c5c86cef34fb20331d548c36331821cfcc6103bcc1fe8c4fed5ad3d0e89f00541caa61bfb9ca69262fac5f2d8bb5f9153eb919c7bc31d85fede

Download Submit
memory/1220-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1928-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download