43315c58c1ba0d5fb637bc1f825886b043787e56d8d8de894c0b5a334552920f

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 04:18

Target

9b4ac8c06ee97ab6b6aabe61871170c0_NeikiAnalytics.exe
Size

79KB
MD5

9b4ac8c06ee97ab6b6aabe61871170c0
SHA1

1f31f006729e3876ef96670ffb80bb0d16ee81a2
SHA256

43315c58c1ba0d5fb637bc1f825886b043787e56d8d8de894c0b5a334552920f
SHA512

c924c27b3503f06e93cc1343ef06197462af0020007dab711fbf16d4d8a0fb2595e0c42f939e9ed526a0ca6ffac075801aed2c70eb67a8c69c6ce0323a3754d3
SSDEEP

1536:zvwTPCyl/fKNwOQA8AkqUhMb2nuy5wgIP0CSJ+5yGmB8GMGlZ5G:zvwj1l/fKNlGdqU7uy5w9WMy5N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3056	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2840	cmd.exe
2840	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2840	2228	9b4ac8c06ee97ab6b6aabe61871170c0_NeikiAnalytics.exe	29
PID 2228 wrote to memory of 2840	2228	9b4ac8c06ee97ab6b6aabe61871170c0_NeikiAnalytics.exe	29
PID 2228 wrote to memory of 2840	2228	9b4ac8c06ee97ab6b6aabe61871170c0_NeikiAnalytics.exe	29
PID 2228 wrote to memory of 2840	2228	9b4ac8c06ee97ab6b6aabe61871170c0_NeikiAnalytics.exe	29
PID 2840 wrote to memory of 3056	2840	cmd.exe	30
PID 2840 wrote to memory of 3056	2840	cmd.exe	30
PID 2840 wrote to memory of 3056	2840	cmd.exe	30
PID 2840 wrote to memory of 3056	2840	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\9b4ac8c06ee97ab6b6aabe61871170c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9b4ac8c06ee97ab6b6aabe61871170c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3056

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6f4500fdab9994457e20104cb52b5e50

SHA1
cfac77529b16ca3e546077a669963ae353b7286f

SHA256
b0142cac01912540e2098408fcbf4b408ca0e87fab797e29a71a073a071227a9

SHA512
e44ae6021d0953b8d7f8d454767d9061b11d9589c28dd60e15b920a5f0d8a0acde9a2a18a7039c9d2e218224205172f033563af3a98b4e5db5e99d89b11ef56d

Download Submit
memory/2228-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3056-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download