00af39e4e9cb5f0dbc837515a42fc22e4ab96df33d780383e3cf929e7f4aa727

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 07:16

Target

00af39e4e9cb5f0dbc837515a42fc22e4ab96df33d780383e3cf929e7f4aa727_NeikiAnalytics.exe
Size

73KB
MD5

b351e82ef98350091ac05f327b4e3790
SHA1

2ac20812db30f43ecf6a5b3bf177d58f095401d4
SHA256

00af39e4e9cb5f0dbc837515a42fc22e4ab96df33d780383e3cf929e7f4aa727
SHA512

7617bff56b2288f700fd39ba9b169177afa70b3014ae93ba04e2f6671af09ae825a037606354780cbe37d9961a43616de535889efc7572602b473b5f9eab99a0
SSDEEP

1536:hb849LYSl+tK5QPqfhVWbdsmA+RjPFLC+e5hh0ZGUGf2g:h44FHl+tNPqfcxA+HFshhOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1920	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2316	cmd.exe
2316	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2316	2856	00af39e4e9cb5f0dbc837515a42fc22e4ab96df33d780383e3cf929e7f4aa727_NeikiAnalytics.exe	29
PID 2856 wrote to memory of 2316	2856	00af39e4e9cb5f0dbc837515a42fc22e4ab96df33d780383e3cf929e7f4aa727_NeikiAnalytics.exe	29
PID 2856 wrote to memory of 2316	2856	00af39e4e9cb5f0dbc837515a42fc22e4ab96df33d780383e3cf929e7f4aa727_NeikiAnalytics.exe	29
PID 2856 wrote to memory of 2316	2856	00af39e4e9cb5f0dbc837515a42fc22e4ab96df33d780383e3cf929e7f4aa727_NeikiAnalytics.exe	29
PID 2316 wrote to memory of 1920	2316	cmd.exe	30
PID 2316 wrote to memory of 1920	2316	cmd.exe	30
PID 2316 wrote to memory of 1920	2316	cmd.exe	30
PID 2316 wrote to memory of 1920	2316	cmd.exe	30
PID 1920 wrote to memory of 2492	1920	[email protected]	31
PID 1920 wrote to memory of 2492	1920	[email protected]	31
PID 1920 wrote to memory of 2492	1920	[email protected]	31
PID 1920 wrote to memory of 2492	1920	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\00af39e4e9cb5f0dbc837515a42fc22e4ab96df33d780383e3cf929e7f4aa727_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\00af39e4e9cb5f0dbc837515a42fc22e4ab96df33d780383e3cf929e7f4aa727_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2316
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1920
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2492

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
ccb2474b44f9223af61e2cac543413f5

SHA1
295c20a66cd52cccaebd9b80790698dca1638558

SHA256
27f7f1b3aeb4a618422eb168b8eacf1613e5e8bcd24a0c828c2604c8c3b0a792

SHA512
42f59d9fba8211ee12422fcc1ff7cbeabf61d7927d459471f88f1bd9f64dcb6aa3c5fb0b78764b2b6808b92d6cca7386635d612fb2a7341e28061b2b48077bb3

Download Submit
memory/1920-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2856-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download