77c19c02045efa0ad6844bcf56c253b52e6a94f06d35d4cc413b72f1eed3ba37

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 08:03

Target

93ae8adce9c93a3e50b9d9c16b976580_NeikiAnalytics.exe
Size

79KB
MD5

93ae8adce9c93a3e50b9d9c16b976580
SHA1

98d4f87e8d69dff2fb2476950bc5e7b18565fe69
SHA256

77c19c02045efa0ad6844bcf56c253b52e6a94f06d35d4cc413b72f1eed3ba37
SHA512

fdd47b69d144bb144ce16512b4b8d6e4e69e56790df7ad8316fb8c4d145cb98169e61dccd4b944fc56c15601117a031318711970a542ad4bcb82008ba396fec2
SSDEEP

1536:zvT7uOoAwg4YQn3COQA8AkqUhMb2nuy5wgIP0CSJ+5yiB8GMGlZ5G:zv+OoT3GdqU7uy5w9WMyiN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2508	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2116	cmd.exe
2116	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 2116	1440	93ae8adce9c93a3e50b9d9c16b976580_NeikiAnalytics.exe	29
PID 1440 wrote to memory of 2116	1440	93ae8adce9c93a3e50b9d9c16b976580_NeikiAnalytics.exe	29
PID 1440 wrote to memory of 2116	1440	93ae8adce9c93a3e50b9d9c16b976580_NeikiAnalytics.exe	29
PID 1440 wrote to memory of 2116	1440	93ae8adce9c93a3e50b9d9c16b976580_NeikiAnalytics.exe	29
PID 2116 wrote to memory of 2508	2116	cmd.exe	30
PID 2116 wrote to memory of 2508	2116	cmd.exe	30
PID 2116 wrote to memory of 2508	2116	cmd.exe	30
PID 2116 wrote to memory of 2508	2116	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\93ae8adce9c93a3e50b9d9c16b976580_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\93ae8adce9c93a3e50b9d9c16b976580_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2508

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
40978f40ffa164f20c2743bb040cfd76

SHA1
34ab915094de4ccbeae8ac934d3a9cd0feb917e2

SHA256
19767f2381cb518cb136543dfef00bc68b3e9a0eb6fd7dab12665a43dc10be81

SHA512
adabd56c7673bfc8a0e39dba108602a90ca77871894d756e2cfb756075628db53d8e6676d23d76617b1582590aab50e938b5a370336980eb190b8cb0f43bd991

Download Submit
memory/1440-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2508-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download