33c3fef75524fd2e819c4a079a6360236dc84f2abe2a18d4c380c9a5edf8776f

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 04:28

Target

33c3fef75524fd2e819c4a079a6360236dc84f2abe2a18d4c380c9a5edf8776f_NeikiAnalytics.exe
Size

79KB
MD5

f4fb3890c6fea0baf7b06998c6810710
SHA1

93f6398b2a43953bd55c6a9b998dc613d76cccd8
SHA256

33c3fef75524fd2e819c4a079a6360236dc84f2abe2a18d4c380c9a5edf8776f
SHA512

88631dc1d36e52f9da75e1a391a4156c227a6b6fa2ee5290a277b3d370d26dd42c5113bc0d7905e283f469e7837dd75028bfbe786e0c58ad9a88c58a836accbd
SSDEEP

1536:zvr6eee2vqONy31OQA8AkqUhMb2nuy5wgIP0CSJ+5yLB8GMGlZ5G:zvuq/sGdqU7uy5w9WMyLN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1212	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2144	cmd.exe
2144	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2144	2700	33c3fef75524fd2e819c4a079a6360236dc84f2abe2a18d4c380c9a5edf8776f_NeikiAnalytics.exe	29
PID 2700 wrote to memory of 2144	2700	33c3fef75524fd2e819c4a079a6360236dc84f2abe2a18d4c380c9a5edf8776f_NeikiAnalytics.exe	29
PID 2700 wrote to memory of 2144	2700	33c3fef75524fd2e819c4a079a6360236dc84f2abe2a18d4c380c9a5edf8776f_NeikiAnalytics.exe	29
PID 2700 wrote to memory of 2144	2700	33c3fef75524fd2e819c4a079a6360236dc84f2abe2a18d4c380c9a5edf8776f_NeikiAnalytics.exe	29
PID 2144 wrote to memory of 1212	2144	cmd.exe	30
PID 2144 wrote to memory of 1212	2144	cmd.exe	30
PID 2144 wrote to memory of 1212	2144	cmd.exe	30
PID 2144 wrote to memory of 1212	2144	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\33c3fef75524fd2e819c4a079a6360236dc84f2abe2a18d4c380c9a5edf8776f_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\33c3fef75524fd2e819c4a079a6360236dc84f2abe2a18d4c380c9a5edf8776f_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1212

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
ae06789264752263bd9cd5a01f4550bd

SHA1
b95ccc56c52a35db85069fd7c1bf3f3203fff92d

SHA256
31a514908992c96eb3597bf0a3a7fd68efe54bec316d011ccbf5f54868e9f37a

SHA512
98d63926a8cc6e4352e00bc8156cd6ccb3504e61be0943510ef9b7cee4509a3a8f168ebe50e4c3a68568758d5beafdacba7acfa7165ffd190d2c1910fd696843

Download Submit
memory/1212-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2700-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download