f9d0f0691a55a7501368085b229a264a0ff8814575b82813f3be3bff779bc762

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 16:06

Target

820a6240ccab835b54d26f3478d55d40_NeikiAnalytics.exe
Size

1.9MB
MD5

820a6240ccab835b54d26f3478d55d40
SHA1

1bb658b8d19cff82fffd1f19c244991601c80fda
SHA256

f9d0f0691a55a7501368085b229a264a0ff8814575b82813f3be3bff779bc762
SHA512

6a5c8085d6fc4798a0155185e8620ef885c2813e6033884ef6da9187dd5db380adf604d0d2d2402dadb607156b7e6a35075bcd9283cc98c452ed871d82c1a2e0
SSDEEP

24576:cGNszRGVAkRBbHfRWJtBGmIE4slV0boqGP/7G0N/iQ1kT1qtAi:ciLHf8tBGT+obePzAQ1gwZ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2688	2372	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2688	2372	820a6240ccab835b54d26f3478d55d40_NeikiAnalytics.exe	28
PID 2372 wrote to memory of 2688	2372	820a6240ccab835b54d26f3478d55d40_NeikiAnalytics.exe	28
PID 2372 wrote to memory of 2688	2372	820a6240ccab835b54d26f3478d55d40_NeikiAnalytics.exe	28
PID 2372 wrote to memory of 2688	2372	820a6240ccab835b54d26f3478d55d40_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\820a6240ccab835b54d26f3478d55d40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\820a6240ccab835b54d26f3478d55d40_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 588
  2⤵
  - Program crash
  PID:2688

memory/2372-0-0x000000007415E000-0x000000007415F000-memory.dmp

Filesize
4KB

Download
memory/2372-1-0x0000000000870000-0x0000000000A62000-memory.dmp

Filesize
1.9MB

Download
memory/2372-2-0x0000000074150000-0x000000007483E000-memory.dmp

Filesize
6.9MB

Download
memory/2372-3-0x0000000074150000-0x000000007483E000-memory.dmp

Filesize
6.9MB

Download