c7c07646a470bae58626ced55e7577b92e9da3f0719dea04c5434a27cc58b6fc

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 08:40

Target

94d8a307d90cd73f519ef0c89b922a70_NeikiAnalytics.exe
Size

79KB
MD5

94d8a307d90cd73f519ef0c89b922a70
SHA1

97bf8fb6bd3bfb8686b6b6eb086328cfcba74b68
SHA256

c7c07646a470bae58626ced55e7577b92e9da3f0719dea04c5434a27cc58b6fc
SHA512

78e15ed7278116816214274a00fe951f2b641edfb98b7b0ec627c4e76395ce1b7a9660f558edf08e42b1ce80217e1f6092e24d1aef9db5bc567bb662de95560c
SSDEEP

1536:zv5Y5nkqk6vDUOQA8AkqUhMb2nuy5wgIP0CSJ+5ycLB8GMGlZ5G:zv59qlRGdqU7uy5w9WMycLN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2932	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2504	cmd.exe
2504	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2504	2660	94d8a307d90cd73f519ef0c89b922a70_NeikiAnalytics.exe	29
PID 2660 wrote to memory of 2504	2660	94d8a307d90cd73f519ef0c89b922a70_NeikiAnalytics.exe	29
PID 2660 wrote to memory of 2504	2660	94d8a307d90cd73f519ef0c89b922a70_NeikiAnalytics.exe	29
PID 2660 wrote to memory of 2504	2660	94d8a307d90cd73f519ef0c89b922a70_NeikiAnalytics.exe	29
PID 2504 wrote to memory of 2932	2504	cmd.exe	30
PID 2504 wrote to memory of 2932	2504	cmd.exe	30
PID 2504 wrote to memory of 2932	2504	cmd.exe	30
PID 2504 wrote to memory of 2932	2504	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\94d8a307d90cd73f519ef0c89b922a70_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\94d8a307d90cd73f519ef0c89b922a70_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2932

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
94bedac7eca5d928fc31dda9bbbf77f4

SHA1
c59c4cf32bd8db09e3e379279b800fab8b32d731

SHA256
286c4f8b0cb4f56ed88d61d0deb7bb0a5adc37128f952fe695d25ed4ef194075

SHA512
c96416bb85f1c2bcf6f128e277176268ed1a960c400c76cb408caddf0756db0f1fd740a95455381d7cec01c843b2233e4788370acbb9b24762860d72e7948681

Download Submit
memory/2660-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2932-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download