2cd59839293e4452f9014e6a1574bf1b6f2b5e51761499a3f7870427043e1d56

Analysis

max time kernel
131s
max time network
142s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 01:56

Target

2cd59839293e4452f9014e6a1574bf1b6f2b5e51761499a3f7870427043e1d56_NeikiAnalytics.exe
Size

1.7MB
MD5

2ef13041d69fc7de6194521ecabd0f00
SHA1

e4d042dec269bbdcb01262bce765ceab94f34f03
SHA256

2cd59839293e4452f9014e6a1574bf1b6f2b5e51761499a3f7870427043e1d56
SHA512

2a91b26a3aaf2aecda12a88b01b139df9197ccb88c67740ebafa82b803dc9e15f59823607a422c188366545ff2d0b54093979e6bfba1dceaf20d5d35638dc425
SSDEEP

24576:9Tj+YwfaeTb8Bm8N4OSu4a+GSfhedAXpeeee:VvwfehxTZF+hnXp

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
480	Process not Found
2708	alg.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\d3c907e829e253c8.bin	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	2cd59839293e4452f9014e6a1574bf1b6f2b5e51761499a3f7870427043e1d56_NeikiAnalytics.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2424	2484	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2484	2cd59839293e4452f9014e6a1574bf1b6f2b5e51761499a3f7870427043e1d56_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2424	2484	2cd59839293e4452f9014e6a1574bf1b6f2b5e51761499a3f7870427043e1d56_NeikiAnalytics.exe	28
PID 2484 wrote to memory of 2424	2484	2cd59839293e4452f9014e6a1574bf1b6f2b5e51761499a3f7870427043e1d56_NeikiAnalytics.exe	28
PID 2484 wrote to memory of 2424	2484	2cd59839293e4452f9014e6a1574bf1b6f2b5e51761499a3f7870427043e1d56_NeikiAnalytics.exe	28
PID 2484 wrote to memory of 2424	2484	2cd59839293e4452f9014e6a1574bf1b6f2b5e51761499a3f7870427043e1d56_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\2cd59839293e4452f9014e6a1574bf1b6f2b5e51761499a3f7870427043e1d56_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2cd59839293e4452f9014e6a1574bf1b6f2b5e51761499a3f7870427043e1d56_NeikiAnalytics.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 336
  2⤵
  - Program crash
  PID:2424

\Windows\System32\alg.exe

Filesize
1.5MB

MD5
a9c15a15146b2b7a7a2470babe4220e7

SHA1
72c1ed456e8fa7e982960f1a15b7b525ae68c354

SHA256
b990d229f60b1eda4b7d28abd923a79190ee720798ab6969bbfc110a5d2513dc

SHA512
03cd67778127474e9b9a47f0a45d708d940f1f3f1f5c969e25e066a7dd16da03b124ba06c00c7ee5075621d89e6daa4296b1074d479600edcac01756cfb3c6b9

Download Submit
memory/2484-0-0x0000000000400000-0x00000000005AC000-memory.dmp

Filesize
1.7MB

Download
memory/2484-1-0x0000000000390000-0x00000000003F6000-memory.dmp

Filesize
408KB

Download
memory/2484-8-0x0000000000390000-0x00000000003F6000-memory.dmp

Filesize
408KB

Download
memory/2484-24-0x0000000000400000-0x00000000005AC000-memory.dmp

Filesize
1.7MB

Download
memory/2708-13-0x0000000100000000-0x000000010017E000-memory.dmp

Filesize
1.5MB

Download
memory/2708-14-0x0000000000780000-0x00000000007E0000-memory.dmp

Filesize
384KB

Download
memory/2708-20-0x0000000000780000-0x00000000007E0000-memory.dmp

Filesize
384KB

Download
memory/2708-21-0x0000000000780000-0x00000000007E0000-memory.dmp

Filesize
384KB

Download
memory/2708-25-0x0000000100000000-0x000000010017E000-memory.dmp

Filesize
1.5MB

Download