ad18d5cdacc2d2b192b255c587301684349ceeb34f851bdb42d956d9cf9c407d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 09:12

Target

95d0c50e4cd7ee2ef1eda846e9d99c40_NeikiAnalytics.exe
Size

79KB
MD5

95d0c50e4cd7ee2ef1eda846e9d99c40
SHA1

92c5d2dfa00e307f13da8549070850e1b5253b7a
SHA256

ad18d5cdacc2d2b192b255c587301684349ceeb34f851bdb42d956d9cf9c407d
SHA512

f0422910f91095841aaaf3a44658237b18324bc87c00e4569e920228d4bcbc9690594df8ff3aec68f5ab2cf30a143a19334d31501b15d899857ba56bda93f6a8
SSDEEP

1536:zvSPRRRf384f0+zOQA8AkqUhMb2nuy5wgIP0CSJ+5yTB8GMGlZ5G:zv0RRRfZfQGdqU7uy5w9WMyTN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2456	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2188	cmd.exe
2188	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2188	2116	95d0c50e4cd7ee2ef1eda846e9d99c40_NeikiAnalytics.exe	29
PID 2116 wrote to memory of 2188	2116	95d0c50e4cd7ee2ef1eda846e9d99c40_NeikiAnalytics.exe	29
PID 2116 wrote to memory of 2188	2116	95d0c50e4cd7ee2ef1eda846e9d99c40_NeikiAnalytics.exe	29
PID 2116 wrote to memory of 2188	2116	95d0c50e4cd7ee2ef1eda846e9d99c40_NeikiAnalytics.exe	29
PID 2188 wrote to memory of 2456	2188	cmd.exe	30
PID 2188 wrote to memory of 2456	2188	cmd.exe	30
PID 2188 wrote to memory of 2456	2188	cmd.exe	30
PID 2188 wrote to memory of 2456	2188	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\95d0c50e4cd7ee2ef1eda846e9d99c40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\95d0c50e4cd7ee2ef1eda846e9d99c40_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2456

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
cf5248d8522ca3537b2874c178c553b4

SHA1
0296d8b8298b8b439f212744f4bdf14a9b094130

SHA256
a3585dbdcbaebff9bc78df73efcfd50a548140310f1403d6844eb6cc7a64664d

SHA512
c271b0eb7dba865335eb8610020a53389765d107ca52b10fa2524069ca948e658135b66fae73b0cba140d64320710491ced0d8a608661e7a15d23b71d7c0f012

Download Submit
memory/2116-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2456-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download