55d9514b75c948f144ca4398c81a70633840ad76cd3ca7f2a5d26bdcd0789f75

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 09:10

Target

95c4bd07ee18f24c80dcb256b8481780_NeikiAnalytics.exe
Size

79KB
MD5

95c4bd07ee18f24c80dcb256b8481780
SHA1

40d6ecff861ab8d4eb14ce57bdf40dba43249afe
SHA256

55d9514b75c948f144ca4398c81a70633840ad76cd3ca7f2a5d26bdcd0789f75
SHA512

9ac104cf384ad6e04e1af17605f6e9902e9afa0787f772b9edd1208375e60cc8b21e13bcefe398d8acb0e39e71f44995af04d3355497ed0f185b2eb70ff0b06a
SSDEEP

1536:zvIrfPpJ2wPGPmjE8Sj4Q7OQA8AkqUhMb2nuy5wgIP0CSJ+5y+4B8GMGlZ5G:zv+3ptGeO0QqGdqU7uy5w9WMyfN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1208	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1936	cmd.exe
1936	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 1936	1964	95c4bd07ee18f24c80dcb256b8481780_NeikiAnalytics.exe	29
PID 1964 wrote to memory of 1936	1964	95c4bd07ee18f24c80dcb256b8481780_NeikiAnalytics.exe	29
PID 1964 wrote to memory of 1936	1964	95c4bd07ee18f24c80dcb256b8481780_NeikiAnalytics.exe	29
PID 1964 wrote to memory of 1936	1964	95c4bd07ee18f24c80dcb256b8481780_NeikiAnalytics.exe	29
PID 1936 wrote to memory of 1208	1936	cmd.exe	30
PID 1936 wrote to memory of 1208	1936	cmd.exe	30
PID 1936 wrote to memory of 1208	1936	cmd.exe	30
PID 1936 wrote to memory of 1208	1936	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\95c4bd07ee18f24c80dcb256b8481780_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\95c4bd07ee18f24c80dcb256b8481780_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1208

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
8c3aff32212a186ad8fc1d33a0dbee3a

SHA1
1ef422c6e5d781aaeca6072cfa7dbbe6b152c3d0

SHA256
8361b54081a19fd03d67b0971a6292d1c404cbb2d16ffe8cffb656620d958350

SHA512
2104527c55810c0409fefcba4e8e01cb009200d4044fd0f67d0f0d2e4789c5fc70e4544005749789c269fdf64ecc46c3aa5c1d578cd986a2f580e33cc5eb952d

Download Submit
memory/1208-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1964-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download