dd42af02ee8497054dd5af3f64384d662f748439d50243bb96cba42eb6037e25

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 12:18

Target

a33552117ff162df9a6fcfb2dd65ae90_NeikiAnalytics.exe
Size

79KB
MD5

a33552117ff162df9a6fcfb2dd65ae90
SHA1

a14ad4fcb5f9d5182459590312162c758a7564a6
SHA256

dd42af02ee8497054dd5af3f64384d662f748439d50243bb96cba42eb6037e25
SHA512

d605003ddda5215379ab3a8bf0e90bc71dd02a395227de0a8f91c649d0f9d974fc434e5d8e442dc4d9bcc38db2d6720adc8353fee50ec6d37f8ad4ec6aeb8da9
SSDEEP

1536:zvEvt1GpLp/OQA8AkqUhMb2nuy5wgIP0CSJ+5ykB8GMGlZ5G:zva1yLp2GdqU7uy5w9WMykN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1956	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2064	cmd.exe
2064	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 992 wrote to memory of 2064	992	a33552117ff162df9a6fcfb2dd65ae90_NeikiAnalytics.exe	29
PID 992 wrote to memory of 2064	992	a33552117ff162df9a6fcfb2dd65ae90_NeikiAnalytics.exe	29
PID 992 wrote to memory of 2064	992	a33552117ff162df9a6fcfb2dd65ae90_NeikiAnalytics.exe	29
PID 992 wrote to memory of 2064	992	a33552117ff162df9a6fcfb2dd65ae90_NeikiAnalytics.exe	29
PID 2064 wrote to memory of 1956	2064	cmd.exe	30
PID 2064 wrote to memory of 1956	2064	cmd.exe	30
PID 2064 wrote to memory of 1956	2064	cmd.exe	30
PID 2064 wrote to memory of 1956	2064	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\a33552117ff162df9a6fcfb2dd65ae90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a33552117ff162df9a6fcfb2dd65ae90_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2064
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1956

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
1e7d8bbde67f6690cf9556c61d710eed

SHA1
fb86a6f7e0bf373868331fc010a341c0396bbb8e

SHA256
6e19a1397ca9a6e8b40966080024ee2e0d3a9b77faabb4f0168344cc907deba5

SHA512
a610b55da4f4cad4371db2f6f7a37a3fb7ef23d360fda2d1ad5346a6b275f2d6ea374fdf205e3fd74e70300506a20df5528681bbc2867f7a92203fed3b3defb1

Download Submit
memory/992-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1956-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download