36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:44

Target

36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1_NeikiAnalytics.exe
Size

73KB
MD5

332ab99c0007a221dee532195c042500
SHA1

26a533eac8c79fe31cfc8d044c7b3fc0cb9ae959
SHA256

36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1
SHA512

da7def01ed59c2e8a6f5820ffea263fa5e489bbf00720bac2ccc5fb7d94a741154820634874ddce7ac8a4829196388c8267bcf8091a2bfb8c19b2639f69fb00b
SSDEEP

1536:hbbhvDD8qtK5QPqfhVWbdsmA+RjPFLC+e5hcy0ZGUGf2g:h57LNPqfcxA+HFshxOg

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2352	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2324	cmd.exe
2324	cmd.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 2324	1392	36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1_NeikiAnalytics.exe	29
PID 1392 wrote to memory of 2324	1392	36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1_NeikiAnalytics.exe	29
PID 1392 wrote to memory of 2324	1392	36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1_NeikiAnalytics.exe	29
PID 1392 wrote to memory of 2324	1392	36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1_NeikiAnalytics.exe	29
PID 2324 wrote to memory of 2352	2324	cmd.exe	30
PID 2324 wrote to memory of 2352	2324	cmd.exe	30
PID 2324 wrote to memory of 2352	2324	cmd.exe	30
PID 2324 wrote to memory of 2352	2324	cmd.exe	30
PID 2352 wrote to memory of 2176	2352	[email protected]	31
PID 2352 wrote to memory of 2176	2352	[email protected]	31
PID 2352 wrote to memory of 2176	2352	[email protected]	31
PID 2352 wrote to memory of 2176	2352	[email protected]	31

C:\Users\Admin\AppData\Local\Temp\36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\36370484068ac0c239680d855c7aeaf26adcfcbcef75364d3069945dbdb015c1_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2352
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 00.exe
      4⤵
      PID:2176

\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
73KB

MD5
3a62ed71ae6f53ee2207a75363833bdd

SHA1
4dac5dac2a18d7ca949ec4478299c0824c83176f

SHA256
2022772299da29ebdabd81e6ee0bfaaff704d2c8610ef75651c78da385a37966

SHA512
c8ca3a57bbd3a1ce9b1b059f36767465c1e8bf886bd51c26f17a3b23c860a3f2661b7ad72385235eebdf59b925ce8c00362c174d538d085616411451f9bbfbc6

Download Submit
memory/1392-11-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2352-10-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download