b6a03576eba818be5d9adf0c915cccf4c07b4d982e92a67280c78419fc747617

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 10:36

Target

3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe
Size

8.5MB
MD5

3fb86c7652c998c76ebcc362b76666a0
SHA1

1fc2ad5a67f4dd88d52b43d5922ad31829f1ceb0
SHA256

b6a03576eba818be5d9adf0c915cccf4c07b4d982e92a67280c78419fc747617
SHA512

92bc63c00da3e96b739a5e84a7c8a5ad853fbc1f601167182762d1be2960e66e9cb5f571f51b14490bc6480dcbcbb2d30a64d089e1f8206ab030e2e204127d93
SSDEEP

196608:tuCLTBOqTXrTaX8+gp1Dq9onJ5hrZERRxQ3jo4UWFolf7+Pj3iO:7TXacpNq9c5hlERRxA2WkSr

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe

pid process

1504 3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe

pid	process
1504	3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe

description	pid	process	target process
PID 2012 wrote to memory of 1504	2012	3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe	3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe
PID 2012 wrote to memory of 1504	2012	3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe	3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe
PID 2012 wrote to memory of 1504	2012	3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe	3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Users\Admin\AppData\Local\Temp\3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\3fb86c7652c998c76ebcc362b76666a0_NeikiAnalytics.exe"
  2⤵
  - Loads dropped DLL
  PID:1504

C:\Users\Admin\AppData\Local\Temp\_MEI20122\main.exe.manifest

Filesize
1KB

MD5
ede31d67bc78e42bfc1e1c56d0a930f6

SHA1
af93601c2b7ae3442142186dc98b677701567c97

SHA256
0ab101231858435ecbcc9274a3db01d3a41176452b828c6290bb9241aa50deb3

SHA512
e1f24c97f8c3d88abd0442844bdb655277b7f254fd29ff324b80d1b5357de39e830a28b3bd1367d5f75911bf6fe11e597ba6d88cf0860c0e56fbf96669b49d02

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI20122\python39.dll

Filesize
4.2MB

MD5
c4b75218b11808db4a04255574b2eb33

SHA1
f4a3497fb6972037fb271cfdc5b404a4b28ccf07

SHA256
53f27444e1e18cc39bdb733d19111e392769e428b518c0fc0839965b5a5727a2

SHA512
0b7ddbe6476cc230c7bdd96b5756dfb85ab769294461d1132f0411502521a2197c0f27c687df88a2cd1ab53332eaa30f17fa65f93dac3f5e56ed2b537232e69c

Download Submit