4c87df12dce6b7076cc029a3f0f6000d6187e3ddf47dad9d5a0d9070187619a2

Analysis

max time kernel
142s
max time network
146s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:45

Target

16415f85d6fb98bc04992b2a4e4f0a40_NeikiAnalytics.exe
Size

63KB
MD5

16415f85d6fb98bc04992b2a4e4f0a40
SHA1

b8d55dd0057328e760934f89bd73af683082aaca
SHA256

4c87df12dce6b7076cc029a3f0f6000d6187e3ddf47dad9d5a0d9070187619a2
SHA512

13d21acebab1e84e091ec307c306889a353dd0274daea29f0e13a39c1eeb36b8994cb19997455d4743bfe0c1dcdbc623347a490fcd9aa37c02f48804c877d7d4
SSDEEP

1536:8ikK1/LL8KQHNA4ond7hw9eheh8dXf4vt+uhyY/tePBaPfqz52:8ikS/VQjond7hinaf4fwsi0

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

razacer.exe

pid process

3056 razacer.exe
Loads dropped DLL 1 IoCs

Processes:

16415f85d6fb98bc04992b2a4e4f0a40_NeikiAnalytics.exe

pid process

2412 16415f85d6fb98bc04992b2a4e4f0a40_NeikiAnalytics.exe
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

3 icanhazip.com

pid	process
3056	razacer.exe

pid	process
2412	16415f85d6fb98bc04992b2a4e4f0a40_NeikiAnalytics.exe

flow	ioc
3	icanhazip.com

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

16415f85d6fb98bc04992b2a4e4f0a40_NeikiAnalytics.exe

description	pid	process	target process
PID 2412 wrote to memory of 3056	2412	16415f85d6fb98bc04992b2a4e4f0a40_NeikiAnalytics.exe	razacer.exe
PID 2412 wrote to memory of 3056	2412	16415f85d6fb98bc04992b2a4e4f0a40_NeikiAnalytics.exe	razacer.exe
PID 2412 wrote to memory of 3056	2412	16415f85d6fb98bc04992b2a4e4f0a40_NeikiAnalytics.exe	razacer.exe
PID 2412 wrote to memory of 3056	2412	16415f85d6fb98bc04992b2a4e4f0a40_NeikiAnalytics.exe	razacer.exe

C:\Users\Admin\AppData\Local\Temp\razacer.exe
C:\Users\Admin\AppData\Local\Temp\razacer.exe
2⤵
- Executes dropped EXE
PID:3056

\Users\Admin\AppData\Local\Temp\razacer.exe

Filesize
63KB

MD5
f1938f4bfeccaab509bf6e4c5ce5f112

SHA1
75f20b3c440bcc17fe0dffe46656cc1e9d85430f

SHA256
0b69e26244f9afa7e53601e2532001197d4aa9ff3ffd81eb637ed213d1d28a7e

SHA512
bb6fcb4bcea895b3357862aad442de33c86b8ef0ddda79b291d3f911d385ccac85bac815df6fd76419faee8bca814ca08f2dd94515b4ebe006a1c3f492c6262e

Download Submit
memory/2412-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2412-2-0x0000000000402000-0x0000000000404000-memory.dmp

Filesize
8KB

Download
memory/2412-8-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3056-9-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3056-11-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download