9c586aaaef1f25b25c33d420fe30ff87ce6fc8184400452880868c7513069098

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 10:40

Target

c345ae6d0691777f2d6af7f94cce1980_NeikiAnalytics.exe
Size

22KB
MD5

c345ae6d0691777f2d6af7f94cce1980
SHA1

324415e6856ed0cb565d05b3f886de7c91649f16
SHA256

9c586aaaef1f25b25c33d420fe30ff87ce6fc8184400452880868c7513069098
SHA512

1d7e65c8b93c8e28a8c4d168cb833e557c313d215864a8e2cbff72d7118a8f6c9c957df355f4b0be117f4d813ac27925519918a09351a37d3ceecc975c6de915
SSDEEP

384:ciacr9OSLip6gXk1bTwddHTxd72kaUUOJdAIjc:ySsXeydHTL72GUOJ2cc

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2792	ckovo.exe

Loads dropped DLL 2 IoCs

pid	Process
2192	c345ae6d0691777f2d6af7f94cce1980_NeikiAnalytics.exe
2192	c345ae6d0691777f2d6af7f94cce1980_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2792	2192	c345ae6d0691777f2d6af7f94cce1980_NeikiAnalytics.exe	28
PID 2192 wrote to memory of 2792	2192	c345ae6d0691777f2d6af7f94cce1980_NeikiAnalytics.exe	28
PID 2192 wrote to memory of 2792	2192	c345ae6d0691777f2d6af7f94cce1980_NeikiAnalytics.exe	28
PID 2192 wrote to memory of 2792	2192	c345ae6d0691777f2d6af7f94cce1980_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\c345ae6d0691777f2d6af7f94cce1980_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\c345ae6d0691777f2d6af7f94cce1980_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\ckovo.exe
  C:\Users\Admin\AppData\Local\Temp\ckovo.exe
  2⤵
  - Executes dropped EXE
  PID:2792

\Users\Admin\AppData\Local\Temp\ckovo.exe

Filesize
22KB

MD5
3d2241228d7af0c79282356eeca54df0

SHA1
f2f8e9081be32ccbde3e4c192929694908dd22d3

SHA256
57d4e1adbd7b7904dd6c7aa0c5c90a95da4296358c25e231bbc09cf85d6fb963

SHA512
0a191b55740474a79068513eb4d01ef40c25fd68fe885d23ed2ddda68f64738cd164e6cdaa0c80091c6fe09937ae317918b84722952155036e224e45939b7a98

Download Submit
memory/2192-2-0x0000000000402000-0x0000000000404000-memory.dmp

Filesize
8KB

Download
memory/2792-10-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download