3d4ba82141ab759d31f882966f5a37dd7d5b07a419cb03df53421e1638a9703e

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 06:49

Target

3d4ba82141ab759d31f882966f5a37dd7d5b07a419cb03df53421e1638a9703e_NeikiAnalytics.exe
Size

79KB
MD5

c94ea62f425c542fdf0e005b11c5c010
SHA1

03a60a2c354a9583c4b4e21aef11939f39238f40
SHA256

3d4ba82141ab759d31f882966f5a37dd7d5b07a419cb03df53421e1638a9703e
SHA512

65e95f47de54678f8bf7595a4a3538740f52cf9af190668039391204fb611397ee493211e02565e82f4e59b16a76c44d5073c28b7d3b44ad7ea528517e3a86d3
SSDEEP

1536:zvYONtUW2tbTs1OQA8AkqUhMb2nuy5wgIP0CSJ+5yoPB8GMGlZ5G:zvYODUTpfGdqU7uy5w9WMyoPN5G

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2604	[email protected]

Loads dropped DLL 2 IoCs

pid	Process
2936	cmd.exe
2936	cmd.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2936	3068	3d4ba82141ab759d31f882966f5a37dd7d5b07a419cb03df53421e1638a9703e_NeikiAnalytics.exe	29
PID 3068 wrote to memory of 2936	3068	3d4ba82141ab759d31f882966f5a37dd7d5b07a419cb03df53421e1638a9703e_NeikiAnalytics.exe	29
PID 3068 wrote to memory of 2936	3068	3d4ba82141ab759d31f882966f5a37dd7d5b07a419cb03df53421e1638a9703e_NeikiAnalytics.exe	29
PID 3068 wrote to memory of 2936	3068	3d4ba82141ab759d31f882966f5a37dd7d5b07a419cb03df53421e1638a9703e_NeikiAnalytics.exe	29
PID 2936 wrote to memory of 2604	2936	cmd.exe	30
PID 2936 wrote to memory of 2604	2936	cmd.exe	30
PID 2936 wrote to memory of 2604	2936	cmd.exe	30
PID 2936 wrote to memory of 2604	2936	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\3d4ba82141ab759d31f882966f5a37dd7d5b07a419cb03df53421e1638a9703e_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3d4ba82141ab759d31f882966f5a37dd7d5b07a419cb03df53421e1638a9703e_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\[email protected]
    [email protected]
    3⤵
    - Executes dropped EXE
    PID:2604

C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
79KB

MD5
6c502a08fd328c935a2afc19b6f25565

SHA1
4093d6a6afc8e006f51b076a6adbaa08c09bd798

SHA256
b8f815971a6bee919daff703cf957da4dd870e4807d1ef6e0c62bc3b95831b21

SHA512
0bf858809f62a91b1e5ca3082d47a69b76360672381946c1b4beede77554b0a294b85515df153a7e41292517b196cb21ebe681a179fe74ec8d40ee2457d21359

Download Submit
memory/2604-7-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3068-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download