08b6cc8cfe90f3cda9f26b8057834afde072b150e0c0de9b683b4b7c7ca1d574

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 21:10

Target

08b6cc8cfe90f3cda9f26b8057834afde072b150e0c0de9b683b4b7c7ca1d574_NeikiAnalytics.exe
Size

1.4MB
MD5

7381f9e3db7da60c8e67b453309273a0
SHA1

77e7b367770b3d31033b5a6e3051a1050ba84b0f
SHA256

08b6cc8cfe90f3cda9f26b8057834afde072b150e0c0de9b683b4b7c7ca1d574
SHA512

3bcd3eec70aacb021a328c35ed0842fbeeeede98eccd7709419b6b017cfc675cfbff323d843997be79d1c0b1422bc5e3db55a1157cf5b19830915849259aac2a
SSDEEP

24576:TaxBBvHoVTH3fNoKLZmN1DUZmSordfq6Ph2kkkkK4kXkkkkkkkkhLX3a20R0m:TaxrHQloGZmXYZmSadfqkbazR0m

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2320	2694.tmp

Executes dropped EXE 1 IoCs

pid	Process
2320	2694.tmp

Loads dropped DLL 1 IoCs

pid	Process
3028	08b6cc8cfe90f3cda9f26b8057834afde072b150e0c0de9b683b4b7c7ca1d574_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2320	3028	08b6cc8cfe90f3cda9f26b8057834afde072b150e0c0de9b683b4b7c7ca1d574_NeikiAnalytics.exe	28
PID 3028 wrote to memory of 2320	3028	08b6cc8cfe90f3cda9f26b8057834afde072b150e0c0de9b683b4b7c7ca1d574_NeikiAnalytics.exe	28
PID 3028 wrote to memory of 2320	3028	08b6cc8cfe90f3cda9f26b8057834afde072b150e0c0de9b683b4b7c7ca1d574_NeikiAnalytics.exe	28
PID 3028 wrote to memory of 2320	3028	08b6cc8cfe90f3cda9f26b8057834afde072b150e0c0de9b683b4b7c7ca1d574_NeikiAnalytics.exe	28

\Users\Admin\AppData\Local\Temp\2694.tmp

Filesize
1.4MB

MD5
b359db8ab363728a518ace5df1cdc09a

SHA1
3e24da98fef281ad478e2fe47a3f9af50c6ac040

SHA256
e49191b825dc37f86ebbe204bb5fe650b7c127dcae5d1a6871be6b6bfcb6288a

SHA512
e7f4d6f4f4fc2f924bc45f705ffaa1e3ca2069742e13f6b240e51d410783212b44eb109d98a8333c588603546d6d0371abc4c99ae7dea8ecf81192c96ea77915

Download Submit