aeaf58f331bd89c0df5dc9f8e5dbbdf427f33d49b2ed899816e6aa345c44d3b1

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 04:28

Target

9b8805cdce27de24c67afd2e44b0e760_NeikiAnalytics.exe
Size

79KB
MD5

9b8805cdce27de24c67afd2e44b0e760
SHA1

0ffc7720550e8e1e81741907e0b463f57f7cae96
SHA256

aeaf58f331bd89c0df5dc9f8e5dbbdf427f33d49b2ed899816e6aa345c44d3b1
SHA512

27af5d9ae97d152b13f5cfbec1aaa1148246cc275f0a522325be7c37f2b58bcc0ec306f5882a625da16014b2dc17b07ef59bfbcd292222e1ffdddad069b6b23e
SSDEEP

1536:zvgM2E1o/OQA8AkqUhMb2nuy5wgIP0CSJ+5yJB8GMGlZ5G:zvgMa2GdqU7uy5w9WMyJN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1196	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1144	cmd.exe
1144	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1144	3056	9b8805cdce27de24c67afd2e44b0e760_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1144	3056	9b8805cdce27de24c67afd2e44b0e760_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1144	3056	9b8805cdce27de24c67afd2e44b0e760_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 1144	3056	9b8805cdce27de24c67afd2e44b0e760_NeikiAnalytics.exe	29
PID 1144 wrote to memory of 1196	1144	cmd.exe	30
PID 1144 wrote to memory of 1196	1144	cmd.exe	30
PID 1144 wrote to memory of 1196	1144	cmd.exe	30
PID 1144 wrote to memory of 1196	1144	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\9b8805cdce27de24c67afd2e44b0e760_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9b8805cdce27de24c67afd2e44b0e760_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1144
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1196

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
9be8e6689c55b645bda68286ece82ebe

SHA1
222762cdd7832ed3283a835f022eabc52d967cc3

SHA256
79bc54011a27a3a0ade59f621d81ccd3ae68ccb87af0ada5153720804dcfe206

SHA512
2d01ed0e1d67af29c8cfc07806ab88f487c6d8e9ed1f63a6c3425a7d011ee5ca2c4c02f3feb075858ab8b363f9b62a7be526d63972b92f55d08fe22c8d01020b

Download Submit
memory/1196-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3056-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download