e4a3459d059bf7f49b7978b1e1900c067daf49912172457747ebd5515c060eaf

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:42

Target

647858b855ed7ed64af0f57e4735cd60_NeikiAnalytics.exe
Size

73KB
MD5

647858b855ed7ed64af0f57e4735cd60
SHA1

4c213951dbdf8f8e049b9185b6c88e7ef7293aa3
SHA256

e4a3459d059bf7f49b7978b1e1900c067daf49912172457747ebd5515c060eaf
SHA512

2764fdbb6488de958ffd1b172488a968071e2b2605723c341b0aea3662a42f5be46309904e2eeff904602a9bc00d65cb4947d7eb9d4988fbdfcbbc4498fd240a
SSDEEP

768:hZZ6Zyf9SDcnZARkcr07JP9Xdg7SV5bWNy1IMakG98N+hayyyOHoW5iKTNGNXftU:1gDcIJ0JlXuGEUaWMnHcJOVkOBM

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

irhikit.exe

pid process

2924 irhikit.exe
Loads dropped DLL 1 IoCs

Processes:

647858b855ed7ed64af0f57e4735cd60_NeikiAnalytics.exe

pid process

2784 647858b855ed7ed64af0f57e4735cd60_NeikiAnalytics.exe

pid	process
2924	irhikit.exe

pid	process
2784	647858b855ed7ed64af0f57e4735cd60_NeikiAnalytics.exe

Drops file in System32 directory 2 IoCs

Processes:

647858b855ed7ed64af0f57e4735cd60_NeikiAnalytics.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\irhikit.exe	647858b855ed7ed64af0f57e4735cd60_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\irhikit.exe	647858b855ed7ed64af0f57e4735cd60_NeikiAnalytics.exe

C:\Windows\SysWOW64\irhikit.exe
"C:\Windows\SysWOW64\irhikit.exe"
2⤵
- Executes dropped EXE
PID:2924

C:\Windows\SysWOW64\irhikit.exe

Filesize
70KB

MD5
9f9fe1bd629e96dcfde92a1ca93e0e0d

SHA1
4a8294752aefb71670d77e484e309b10d84e876a

SHA256
49e0d01cc20481e33e09941a25f45979828d422c47d38d3702d6144630dd90fd

SHA512
46aa0fa982cb719ffc91d23b0f11acc47d04f755921324ae7be0024b691c4803f1d408714a7e48b62ac1c291dd68366f447c243cc524eba3fe6fefffa79bf6b9

Download Submit
memory/2784-5-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download