e7eb62aab7a756b36f7b76741ca2a4168b95a4f840a4b492204d0cd2473a40d4

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 13:40

Target

a540dfc809b23b92876f6353a6e76ed0_NeikiAnalytics.exe
Size

79KB
MD5

a540dfc809b23b92876f6353a6e76ed0
SHA1

9725b2b8f215442ff65df50efb551da8fb8f09ba
SHA256

e7eb62aab7a756b36f7b76741ca2a4168b95a4f840a4b492204d0cd2473a40d4
SHA512

8be6e9c266bb5c92722014e63bdd5cba11d44ee7faa89be5a8b0a16cf9762cfadf248c5e2691deb833edf3ba8b99332b1ac475abcadcb1de9ea09d0687aacfa3
SSDEEP

1536:zvK8wXOsol+f9OQA8AkqUhMb2nuy5wgIP0CSJ+5yqB8GMGlZ5G:zvKfNoQMGdqU7uy5w9WMyqN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3028	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3012	cmd.exe
3012	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 3012	2916	a540dfc809b23b92876f6353a6e76ed0_NeikiAnalytics.exe	29
PID 2916 wrote to memory of 3012	2916	a540dfc809b23b92876f6353a6e76ed0_NeikiAnalytics.exe	29
PID 2916 wrote to memory of 3012	2916	a540dfc809b23b92876f6353a6e76ed0_NeikiAnalytics.exe	29
PID 2916 wrote to memory of 3012	2916	a540dfc809b23b92876f6353a6e76ed0_NeikiAnalytics.exe	29
PID 3012 wrote to memory of 3028	3012	cmd.exe	30
PID 3012 wrote to memory of 3028	3012	cmd.exe	30
PID 3012 wrote to memory of 3028	3012	cmd.exe	30
PID 3012 wrote to memory of 3028	3012	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\a540dfc809b23b92876f6353a6e76ed0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a540dfc809b23b92876f6353a6e76ed0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:3028

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
20779cf7cbb7876aa98ff31e22b4bb31

SHA1
d341e244caa6381c99f7b9cc52d9ee0508ab7e86

SHA256
d848fb325f6c56f5c4f77505395378944f64d975472ad5c3586a1b8f7485b9f3

SHA512
46249dac8da372dea025cf0dbd58aa9e407c5ae3f5b3b44ff4b02e7f68881b5ab77c2b01424c1fa190de14dd972507f9775976de99cbfa9af219b8405df9a626

Download Submit
memory/2916-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3028-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download