e7df5d2a0af791a143d7c7997669c63c1fb3da2655c79ad659221076b59e8739

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 02:51

Target

0c7d9bfd8d7c4237de21e3e309aa8160_NeikiAnalytics.exe
Size

79KB
MD5

0c7d9bfd8d7c4237de21e3e309aa8160
SHA1

5be7a9645623ecdaddebdbb5296e4253ba05e0f1
SHA256

e7df5d2a0af791a143d7c7997669c63c1fb3da2655c79ad659221076b59e8739
SHA512

156391d74b389928866f9c61b16e8bee48f09845556bff62b4c553c47732a4a2364d8da30b9bb87ae1c8a6439d87cfe286056d077c273d35f10f2f6bf3fcf88a
SSDEEP

1536:zv6fdjP2uMHZAOQA8AkqUhMb2nuy5wgIP0CSJ+5yRB8GMGlZ5G:zv652PjGdqU7uy5w9WMyRN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2204	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
3056	cmd.exe
3056	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 3056	2984	0c7d9bfd8d7c4237de21e3e309aa8160_NeikiAnalytics.exe	29
PID 2984 wrote to memory of 3056	2984	0c7d9bfd8d7c4237de21e3e309aa8160_NeikiAnalytics.exe	29
PID 2984 wrote to memory of 3056	2984	0c7d9bfd8d7c4237de21e3e309aa8160_NeikiAnalytics.exe	29
PID 2984 wrote to memory of 3056	2984	0c7d9bfd8d7c4237de21e3e309aa8160_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 2204	3056	cmd.exe	30
PID 3056 wrote to memory of 2204	3056	cmd.exe	30
PID 3056 wrote to memory of 2204	3056	cmd.exe	30
PID 3056 wrote to memory of 2204	3056	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\0c7d9bfd8d7c4237de21e3e309aa8160_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0c7d9bfd8d7c4237de21e3e309aa8160_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2204

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
01f5543f50d3c94764cf20b532d41a3a

SHA1
0a4b8994ca6f4dc6563e9ab76f81df4d3ca377a4

SHA256
a0b3cb6ae75d2723df62d658ec47645af6ad218006197c4e60a520b4c1f5d16a

SHA512
c8af641c6fbc26d14bcb6ea4789685d55d28c7338cdf54c0640c686db0177305c4b99720a20a1a5ad72d706e3009d894380a8fd11310515989ebdebc5dbf8648

Download Submit
memory/2204-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2984-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download