1bb811828bd3ba370014ef51acc30d84f44e11b490135a668ba9dbff39d1a9b8

Analysis

max time kernel
142s
max time network
146s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 11:37

Target

2640bb34bce377db5d4b251202c0ed30_NeikiAnalytics.exe
Size

65KB
MD5

2640bb34bce377db5d4b251202c0ed30
SHA1

45b7464559dcda36cd87b1adf7758a3ad8838a43
SHA256

1bb811828bd3ba370014ef51acc30d84f44e11b490135a668ba9dbff39d1a9b8
SHA512

1cc6eaa3e7e89212855484a39fd78b0440ca59e68b0add6bf910d70ec00fe1108d79b5201082bcbf8674f358ada95bbbfa24970ab548f5567276b3f91d4fa247
SSDEEP

768:STEb2+m2iVXJlDHYhhDnyhkzCXELQhTkES5uzqBrOQ3tpoINv6eBJXM8VjvQrZPj:i+m1DLUDnKUCXNBpJqsQrvQGJXNBTu

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2680	nioltei.exe

Loads dropped DLL 2 IoCs

pid	Process
2424	2640bb34bce377db5d4b251202c0ed30_NeikiAnalytics.exe
2424	2640bb34bce377db5d4b251202c0ed30_NeikiAnalytics.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	checkip.dyndns.org

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 2680	2424	2640bb34bce377db5d4b251202c0ed30_NeikiAnalytics.exe	28
PID 2424 wrote to memory of 2680	2424	2640bb34bce377db5d4b251202c0ed30_NeikiAnalytics.exe	28
PID 2424 wrote to memory of 2680	2424	2640bb34bce377db5d4b251202c0ed30_NeikiAnalytics.exe	28
PID 2424 wrote to memory of 2680	2424	2640bb34bce377db5d4b251202c0ed30_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\2640bb34bce377db5d4b251202c0ed30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2640bb34bce377db5d4b251202c0ed30_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Users\Admin\AppData\Local\Temp\nioltei.exe
  C:\Users\Admin\AppData\Local\Temp\nioltei.exe
  2⤵
  - Executes dropped EXE
  PID:2680

C:\Users\Admin\AppData\Local\Temp\nioltei.exe

Filesize
66KB

MD5
2adad39ff744b993818fc4059e3080bb

SHA1
c80b1704d5ed8ab594abcc832756cd9ac3c7ce9e

SHA256
b14763934b4f184c8dc49f714cfd46df8404d4dc0a51dd7903c3e76092135093

SHA512
09c47d923c4531026b9a482e4b5370b279a7579f40723529fd7ddc50776c8a52348310e213c5996c414624443e3bd556021dd280a3ca82410b98f93afabb9bcb

Download Submit
memory/2424-1-0x0000000000401000-0x0000000000403000-memory.dmp

Filesize
8KB

Download
memory/2680-10-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download