260ecf15dea52f4022fa3ad4c159603bf7a1a7e9c50ed7c59b08366513327e95

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:07

Target

747622e72f05da82dbc7b469ff6bf630_NeikiAnalytics.exe
Size

91KB
MD5

747622e72f05da82dbc7b469ff6bf630
SHA1

edf413a5553cbf328655977f76a3f7b61c218a0f
SHA256

260ecf15dea52f4022fa3ad4c159603bf7a1a7e9c50ed7c59b08366513327e95
SHA512

bb1c4a081ea14657bdab86230fc051eda9a61a3528573ac5d5f961445bcbebd36dcc8340dc4d7a1d91067369cc0d33a7c519a286ec2e933dfe3f966dec2dc56c
SSDEEP

1536:NqN3tSvEvy6kz8O3guNYfOtQMGtbYTjipvF2eoOU:NW3cEaJibYvQd2T

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

bijaweed.exe

pid process

4448 bijaweed.exe
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

27 icanhazip.com

pid	process
4448	bijaweed.exe

flow	ioc
27	icanhazip.com

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

747622e72f05da82dbc7b469ff6bf630_NeikiAnalytics.exe

description	pid	process	target process
PID 1164 wrote to memory of 4448	1164	747622e72f05da82dbc7b469ff6bf630_NeikiAnalytics.exe	bijaweed.exe
PID 1164 wrote to memory of 4448	1164	747622e72f05da82dbc7b469ff6bf630_NeikiAnalytics.exe	bijaweed.exe
PID 1164 wrote to memory of 4448	1164	747622e72f05da82dbc7b469ff6bf630_NeikiAnalytics.exe	bijaweed.exe

C:\Users\Admin\AppData\Local\Temp\747622e72f05da82dbc7b469ff6bf630_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\747622e72f05da82dbc7b469ff6bf630_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1164

C:\Users\Admin\AppData\Local\Temp\bijaweed.exe
C:\Users\Admin\AppData\Local\Temp\bijaweed.exe
2⤵
- Executes dropped EXE
PID:4448

C:\Users\Admin\AppData\Local\Temp\bijaweed.exe

Filesize
91KB

MD5
2623a166070e395b9c4d8a0ad9ec47a2

SHA1
a8ddd77a1771b7db16b973e577f7a772f96ecfbe

SHA256
2636cf12da162fa4156b67ee54caf17a389869fc8b9a7a525434109118752118

SHA512
71f0a525e6b28477ab5b908b89861ec72c9198dadbab9bf8fd9b1e4a579a9999f901ed59d3f806a54b34145c648b80e68c7eedc4b87a5f8a30f3ed42763055b3

Download Submit
memory/1164-3-0x0000000000402000-0x0000000000404000-memory.dmp

Filesize
8KB

Download
memory/4448-5-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download