a7b566aae4c8f77086332ff1eccdb238bd28ce691ca41bfd4488353c72ab3136

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 19:26

Target

a7b566aae4c8f77086332ff1eccdb238bd28ce691ca41bfd4488353c72ab3136_NeikiAnalytics.exe
Size

79KB
MD5

88930636947b5c248b52cbd63e85d820
SHA1

7608ec237209889e48a98977a546e2bab86f31da
SHA256

a7b566aae4c8f77086332ff1eccdb238bd28ce691ca41bfd4488353c72ab3136
SHA512

829e72ddf267dbd1f3d88cdd4735a59e6b52ffa3573fb9b4bb5340f7f37ee634842d65d52fa65581a52d1158ee3d33b5b80bacd34f4f71d5fdbaddb522e5d7e9
SSDEEP

1536:zvETb/iYzCXgoHYMIOQA8AkqUhMb2nuy5wgIP0CSJ+5yxBB8GMGlZ5G:zvETLiYOXgoHLNGdqU7uy5w9WMy3N5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1844	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2024	cmd.exe
2024	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2024	2540	a7b566aae4c8f77086332ff1eccdb238bd28ce691ca41bfd4488353c72ab3136_NeikiAnalytics.exe	29
PID 2540 wrote to memory of 2024	2540	a7b566aae4c8f77086332ff1eccdb238bd28ce691ca41bfd4488353c72ab3136_NeikiAnalytics.exe	29
PID 2540 wrote to memory of 2024	2540	a7b566aae4c8f77086332ff1eccdb238bd28ce691ca41bfd4488353c72ab3136_NeikiAnalytics.exe	29
PID 2540 wrote to memory of 2024	2540	a7b566aae4c8f77086332ff1eccdb238bd28ce691ca41bfd4488353c72ab3136_NeikiAnalytics.exe	29
PID 2024 wrote to memory of 1844	2024	cmd.exe	30
PID 2024 wrote to memory of 1844	2024	cmd.exe	30
PID 2024 wrote to memory of 1844	2024	cmd.exe	30
PID 2024 wrote to memory of 1844	2024	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\a7b566aae4c8f77086332ff1eccdb238bd28ce691ca41bfd4488353c72ab3136_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a7b566aae4c8f77086332ff1eccdb238bd28ce691ca41bfd4488353c72ab3136_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:1844

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
dfac88dad58491dffe7c160c80d798c2

SHA1
3621ff9c93124a91f088e9a3d6fdc4c80fbdf5ae

SHA256
37d70a62834d02f624bbf0bc8d1eb5b1eb7e34bc0042776599e04cbbc0fa2bcd

SHA512
1417847ca8edc457fed14732ca0c8bd80455ca6fdd938b9a73550a53769fe31021e21fbf24b658983723f9391732f14ed865987cc16fac9610c8e39a6f981f20

Download Submit
memory/1844-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2540-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download