12bebfb01ee0bf04da7b4454e19945045ec7d0b368db29bf7951f01ebcedb254

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 22:35

Target

12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe
Size

1.2MB
MD5

12aa8fae2e8be546aecca9deda2085f0
SHA1

ebf48d06cb6b2c4dd3dad2da3cdc991374bd8d0a
SHA256

12bebfb01ee0bf04da7b4454e19945045ec7d0b368db29bf7951f01ebcedb254
SHA512

fb70c1041c42e8f0b04c354ee8a61e3fd37167a68962e81c76c2c8e61c84095d3570648d5840c60bfad8d2831ee8419267ddbde13c6cf21ead4561b47f5c2c0d
SSDEEP

12288:uNNk7XWBGtrlLEr7pUdZjVDa/ZSVDzHnhvMCtjW:uNNkQGtrl67pUdfa/ZSVDbueC

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1740	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
1740	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe

Loads dropped DLL 4 IoCs

pid	Process
2892	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe
3056	WerFault.exe
3056	WerFault.exe
3056	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3056	1740	WerFault.exe	29

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2892	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1740	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 1740	2892	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe	29
PID 2892 wrote to memory of 1740	2892	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe	29
PID 2892 wrote to memory of 1740	2892	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe	29
PID 2892 wrote to memory of 1740	2892	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe	29
PID 1740 wrote to memory of 3056	1740	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe	30
PID 1740 wrote to memory of 3056	1740	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe	30
PID 1740 wrote to memory of 3056	1740	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe	30
PID 1740 wrote to memory of 3056	1740	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe	30

\Users\Admin\AppData\Local\Temp\12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe

Filesize
1.2MB

MD5
1545f30ef72cf1be56c81cfdf2892a77

SHA1
48f83e2fad613431643c434b366afa493536f16e

SHA256
22d002b6d791f976961f7611fa4ad0b9b4aff64b3de41a21dada439de988bdaf

SHA512
f80b980af320cc3846b634d1234548dbba4e3e9698cd87e3b9e4eac259cc4d139bea63bb090cd62c3a9a29130f69db418df84bb9b91c9feaf50772ed0267c3a8

Download Submit
memory/1740-10-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/1740-11-0x0000000002F50000-0x000000000303C000-memory.dmp

Filesize
944KB

Download
memory/2892-0-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/2892-9-0x0000000002DF0000-0x0000000002EDC000-memory.dmp

Filesize
944KB

Download
memory/2892-7-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download