67350329e278ed14cc9fbde08cb28707f200d4b9a63a03f4af901c9b3876260d

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 14:31

Target

5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe
Size

885KB
MD5

5e891896c4c07f7f46b5f2d198880ab0
SHA1

20b592fa56aab5fb5fb1c150ae9c701cd8732754
SHA256

67350329e278ed14cc9fbde08cb28707f200d4b9a63a03f4af901c9b3876260d
SHA512

1df53f52279adf34618bc4ee8b5de6e4682054b00f1dd6cd465991d144a158e553ea5a3688ee3d7c943a10c8e59f1db0a817266591551857cf48544cd1686431
SSDEEP

12288:YXHRDCerNUTYSrXThbhAG75jcfiy1Bx3fjlDa/ZSy:YXdUTYSrXThbhAGifion3da/ZSy

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2732	5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
2732	5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe

Loads dropped DLL 4 IoCs

pid	Process
2248	5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe
2900	WerFault.exe
2900	WerFault.exe
2900	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2900	2732	WerFault.exe	29

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2248	5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2732	5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2732	2248	5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe	29
PID 2248 wrote to memory of 2732	2248	5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe	29
PID 2248 wrote to memory of 2732	2248	5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe	29
PID 2248 wrote to memory of 2732	2248	5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe	29
PID 2732 wrote to memory of 2900	2732	5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe	30
PID 2732 wrote to memory of 2900	2732	5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe	30
PID 2732 wrote to memory of 2900	2732	5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe	30
PID 2732 wrote to memory of 2900	2732	5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe	30

\Users\Admin\AppData\Local\Temp\5e891896c4c07f7f46b5f2d198880ab0_NeikiAnalytics.exe

Filesize
885KB

MD5
40c884be5dac47ba26c2d0ffa4bda55f

SHA1
9621c1262d2a977f78279f549eb09d81849fce0e

SHA256
7a07af62c6633a5402be987c3a5c8bb6daa7d6a9cd1c2c35f1df2275ae9ba6ef

SHA512
2c6e98d63c7189e77c355255dfcc2beb2f332d08eb11146a5017760790b2e645824cb8fc360b33e30fbcd1205ee7c739687a9a5d07e83a5f94e7d52e9f5a9d2c

Download Submit
memory/2248-0-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2732-8-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2732-9-0x0000000002E60000-0x0000000002F48000-memory.dmp

Filesize
928KB

Download