55f9403f76c8a8546b99f26b78f72f1f5eea34f61163cf0211bd2ae7b89465c5

Analysis

max time kernel
139s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 21:35

Target

419e3dd5c94c961f6bbe28dc1bbdd380_NeikiAnalytics.exe
Size

73KB
MD5

419e3dd5c94c961f6bbe28dc1bbdd380
SHA1

ec52cf1212009b0a20a277fb9936e226c02074eb
SHA256

55f9403f76c8a8546b99f26b78f72f1f5eea34f61163cf0211bd2ae7b89465c5
SHA512

c53034b9501da92569268617a5dbf31cb3679805001e0a0a47a8b1d408b904001b07944d275da63ecf002cbbc3e712a6c650e21a906a444d18359b0d0ff11748
SSDEEP

1536:HahGy7fReZKteO2R/SfVkXb+obLalWGgcd3:8HjR5cO2Sqb+odGg0

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1136	vabkemar.exe

Loads dropped DLL 1 IoCs

pid	Process
2240	419e3dd5c94c961f6bbe28dc1bbdd380_NeikiAnalytics.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	checkip.dyndns.org

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 1136	2240	419e3dd5c94c961f6bbe28dc1bbdd380_NeikiAnalytics.exe	28
PID 2240 wrote to memory of 1136	2240	419e3dd5c94c961f6bbe28dc1bbdd380_NeikiAnalytics.exe	28
PID 2240 wrote to memory of 1136	2240	419e3dd5c94c961f6bbe28dc1bbdd380_NeikiAnalytics.exe	28
PID 2240 wrote to memory of 1136	2240	419e3dd5c94c961f6bbe28dc1bbdd380_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\419e3dd5c94c961f6bbe28dc1bbdd380_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\419e3dd5c94c961f6bbe28dc1bbdd380_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\vabkemar.exe
  C:\Users\Admin\AppData\Local\Temp\vabkemar.exe
  2⤵
  - Executes dropped EXE
  PID:1136

\Users\Admin\AppData\Local\Temp\vabkemar.exe

Filesize
73KB

MD5
18ebae76d7ab25ce928ef00470347edb

SHA1
d8aff725654b3a7797e87a28438614c6e290e236

SHA256
e169f2cb504b3ff00703cc7227f63305fa1d29827f3ecb51c47b2d4ef6f3b59d

SHA512
4bf94fbe60cc9061924774881bfe9775b2b2685b73a9963f09dc6eeaccb639689ba6628ab1a1233b58e89c1e425fd2f6fb7add979bc72b727551b340978891d9

Download Submit
memory/1136-7-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2240-1-0x0000000000405000-0x0000000000408000-memory.dmp

Filesize
12KB

Download