6020f67240e8cdbd285ee9024f3f10310e72a6bb91733eb37931e0bf4575e5eb

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 03:54

Target

8c802bf2627b4cad0ed652a19be235d0_NeikiAnalytics.exe
Size

79KB
MD5

8c802bf2627b4cad0ed652a19be235d0
SHA1

03b1521df709fe4057f0dd20ae195b6bb598ed08
SHA256

6020f67240e8cdbd285ee9024f3f10310e72a6bb91733eb37931e0bf4575e5eb
SHA512

a8a7d4a6a3bfda7c952f647917f768247d8e5bee6e09c4e5bc1276d093c24d7d3c180bba422976c8edde11588b9ef860fabb8391b1f3d015e603d353d9ed0c65
SSDEEP

1536:zvtCL7dPmK9gv/OQA8AkqUhMb2nuy5wgIP0CSJ+5yWAB8GMGlZ5G:zvt+uKa2GdqU7uy5w9WMytN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2972	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3060	cmd.exe
3060	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 3060	1916	8c802bf2627b4cad0ed652a19be235d0_NeikiAnalytics.exe	29
PID 1916 wrote to memory of 3060	1916	8c802bf2627b4cad0ed652a19be235d0_NeikiAnalytics.exe	29
PID 1916 wrote to memory of 3060	1916	8c802bf2627b4cad0ed652a19be235d0_NeikiAnalytics.exe	29
PID 1916 wrote to memory of 3060	1916	8c802bf2627b4cad0ed652a19be235d0_NeikiAnalytics.exe	29
PID 3060 wrote to memory of 2972	3060	cmd.exe	30
PID 3060 wrote to memory of 2972	3060	cmd.exe	30
PID 3060 wrote to memory of 2972	3060	cmd.exe	30
PID 3060 wrote to memory of 2972	3060	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\8c802bf2627b4cad0ed652a19be235d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8c802bf2627b4cad0ed652a19be235d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3060
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2972

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
5805bfa4481c5cb9c6f53973e0f5c4c9

SHA1
39b8c957e6b149fdbfeb3466dc8c866641c8848a

SHA256
e39039046d1e9ce975df76357c2b6417aed486438a56e63f04895f4ea8b42047

SHA512
8c74a6a859426935071b9622a3b6fe4c54f008da29a15b78c39cf18afbfc815474ae135c6b97055109fa66deac7485d25ba2a9a886191815a64b381d20e20296

Download Submit
memory/1916-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2972-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download