12bebfb01ee0bf04da7b4454e19945045ec7d0b368db29bf7951f01ebcedb254

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 22:35

Target

12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe
Size

1.2MB
MD5

12aa8fae2e8be546aecca9deda2085f0
SHA1

ebf48d06cb6b2c4dd3dad2da3cdc991374bd8d0a
SHA256

12bebfb01ee0bf04da7b4454e19945045ec7d0b368db29bf7951f01ebcedb254
SHA512

fb70c1041c42e8f0b04c354ee8a61e3fd37167a68962e81c76c2c8e61c84095d3570648d5840c60bfad8d2831ee8419267ddbde13c6cf21ead4561b47f5c2c0d
SSDEEP

12288:uNNk7XWBGtrlLEr7pUdZjVDa/ZSVDzHnhvMCtjW:uNNkQGtrl67pUdfa/ZSVDbueC

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3804	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
3804	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4968	2928	WerFault.exe	81
408	3804	WerFault.exe	89
2868	3804	WerFault.exe	89

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2928	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3804	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 3804	2928	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe	89
PID 2928 wrote to memory of 3804	2928	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe	89
PID 2928 wrote to memory of 3804	2928	12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe	89

C:\Users\Admin\AppData\Local\Temp\12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 344
  2⤵
  - Program crash
  PID:4968
- C:\Users\Admin\AppData\Local\Temp\12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3804
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 344
    3⤵
    - Program crash
    PID:408
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 356
    3⤵
    - Program crash
    PID:2868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2928 -ip 2928
1⤵
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3804 -ip 3804
1⤵
PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3804 -ip 3804
1⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\12aa8fae2e8be546aecca9deda2085f0_NeikiAnalytics.exe

Filesize
1.2MB

MD5
7884d133a3a2f41c484816366803c806

SHA1
fa77d927f927c5a9ab655d0a728dae608929eb17

SHA256
b274b2b45cfe0a6fb079cb2fc678b2f1e29dcd4a088ccd97d1092bf11f900bc4

SHA512
5fa91305850e01b95adcb84d089290aa8b2ae9e75e3491981d3e1713504f5d288e9c9b144e0deb64d68478b933633c5278618b53a6e55da4b12d2c6851f060dc

Download Submit
memory/2928-0-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/2928-6-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/3804-7-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/3804-8-0x0000000004E40000-0x0000000004F2C000-memory.dmp

Filesize
944KB

Download
memory/3804-10-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download