712d1902ce07547538478af75b554fc790f38a140051ba78dcbbd401d9e28daf

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 15:28

Target

712d1902ce07547538478af75b554fc790f38a140051ba78dcbbd401d9e28daf_NeikiAnalytics.exe
Size

79KB
MD5

98168a3527d5b9d8e46e099140a18130
SHA1

0ad424cb18a302af8a71320641749c0d0297d2ef
SHA256

712d1902ce07547538478af75b554fc790f38a140051ba78dcbbd401d9e28daf
SHA512

c921ff71319624789e59f363fd6f8248b27c3f72d507c6c56f36b0a750d9f5912f4b351174214048d88300d5a4e5a7ae997f19c56b0ccd92e425690a5ad7b403
SSDEEP

1536:zvjDnhhh6RomOQA8AkqUhMb2nuy5wgIP0CSJ+5ygB8GMGlZ5G:zv/n16RojGdqU7uy5w9WMygN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1740	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
1508	cmd.exe
1508	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 1508	1028	712d1902ce07547538478af75b554fc790f38a140051ba78dcbbd401d9e28daf_NeikiAnalytics.exe	29
PID 1028 wrote to memory of 1508	1028	712d1902ce07547538478af75b554fc790f38a140051ba78dcbbd401d9e28daf_NeikiAnalytics.exe	29
PID 1028 wrote to memory of 1508	1028	712d1902ce07547538478af75b554fc790f38a140051ba78dcbbd401d9e28daf_NeikiAnalytics.exe	29
PID 1028 wrote to memory of 1508	1028	712d1902ce07547538478af75b554fc790f38a140051ba78dcbbd401d9e28daf_NeikiAnalytics.exe	29
PID 1508 wrote to memory of 1740	1508	cmd.exe	30
PID 1508 wrote to memory of 1740	1508	cmd.exe	30
PID 1508 wrote to memory of 1740	1508	cmd.exe	30
PID 1508 wrote to memory of 1740	1508	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\712d1902ce07547538478af75b554fc790f38a140051ba78dcbbd401d9e28daf_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\712d1902ce07547538478af75b554fc790f38a140051ba78dcbbd401d9e28daf_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1508
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1740

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
600b5f85b99f5cf4785c0c2906d26a18

SHA1
7132b970404d295ed0b1b98a76da2c97cc7fe364

SHA256
d9f32237de01b5072cf5751915231dd5dc043775a8970729cf8c6fe1ea91766e

SHA512
ef4f90a5838d90e2e21c34af9a72033cdae59b936d2dd7875d325898fbf073b3eac311fd521f296d90b3fed6262edf08eb9a9841b8f877a271737391c5bb53c8

Download Submit
memory/1028-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1740-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download