fe4fa7305de0aede7733cbb11d57a45d5a57fe79d0713e26a59e620421f71fa5

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 16:11

Target

6b1c5fafb42b37cb091346d564480bc0_NeikiAnalytics.exe
Size

79KB
MD5

6b1c5fafb42b37cb091346d564480bc0
SHA1

8cce94e7aafdd020318bdfbd00c3bdcda8902eec
SHA256

fe4fa7305de0aede7733cbb11d57a45d5a57fe79d0713e26a59e620421f71fa5
SHA512

74e149c0d97d322fe021730a9544763a6cd65346f8d570b7c6351464111723ef7b7297ba0e4bdb8a863aea27131c8f6e7c4ce1211ac0765e965779834d9f06b2
SSDEEP

1536:zvmkZZZb2LA41Wq6OQA8AkqUhMb2nuy5wgIP0CSJ+5y/B8GMGlZ5G:zvmq2LCCGdqU7uy5w9WMy/N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2680	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3004	cmd.exe
3004	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 3004	1368	6b1c5fafb42b37cb091346d564480bc0_NeikiAnalytics.exe	29
PID 1368 wrote to memory of 3004	1368	6b1c5fafb42b37cb091346d564480bc0_NeikiAnalytics.exe	29
PID 1368 wrote to memory of 3004	1368	6b1c5fafb42b37cb091346d564480bc0_NeikiAnalytics.exe	29
PID 1368 wrote to memory of 3004	1368	6b1c5fafb42b37cb091346d564480bc0_NeikiAnalytics.exe	29
PID 3004 wrote to memory of 2680	3004	cmd.exe	30
PID 3004 wrote to memory of 2680	3004	cmd.exe	30
PID 3004 wrote to memory of 2680	3004	cmd.exe	30
PID 3004 wrote to memory of 2680	3004	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\6b1c5fafb42b37cb091346d564480bc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b1c5fafb42b37cb091346d564480bc0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2680

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ac2b834190b5db2c6ee8f89cd831632d

SHA1
1ca59632d11ae4281dbb6ed45343f3636ba27f14

SHA256
6f4eb35b6fac44db2d68211c4fc16a180cff9c1aac75d8a7b31ff0a440afb700

SHA512
662b53a51ba1eda2fecd6d32935722482175b27525482f59a56e18fd4c4603255baea9ad3bba9f413dc9791eaa5f0bc9ec0f892d24bc249321f6089694006bb0

Download Submit
memory/1368-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2680-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download