f9918f331d7c5bbeb3685f86a21c25a356f5fa727ef512c820103594cd68f4eb

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12/05/2024, 05:34

Target

713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe
Size

960KB
MD5

713c4baea8bc9b49105792190c349a80
SHA1

0c14ab0c1dbd04d8f84f7883602f83bd4f099bf9
SHA256

f9918f331d7c5bbeb3685f86a21c25a356f5fa727ef512c820103594cd68f4eb
SHA512

0f99043a6cd13f7c342fa27f510a28667e38b675ab46b831b66c73fa86f074f9aff5100a511105747f565536ef46361ec0d14b7d0f1c2da229d003ff9edde870
SSDEEP

6144:srX3hS0bJjtxn+oHcFIfHZVc+Rm6yxAjuHKTSwABrxxJa/YESt4mvpeBD0LciHZ:srg0b5+oG0Hyx2SjlDa/ZSt4mv+ni5

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1320	713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
1320	713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe

Loads dropped DLL 4 IoCs

pid	Process
1728	713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe
2136	WerFault.exe
2136	WerFault.exe
2136	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2136	1320	WerFault.exe	29

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1728	713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1320	713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 1320	1728	713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe	29
PID 1728 wrote to memory of 1320	1728	713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe	29
PID 1728 wrote to memory of 1320	1728	713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe	29
PID 1728 wrote to memory of 1320	1728	713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe	29
PID 1320 wrote to memory of 2136	1320	713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe	30
PID 1320 wrote to memory of 2136	1320	713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe	30
PID 1320 wrote to memory of 2136	1320	713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe	30
PID 1320 wrote to memory of 2136	1320	713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe	30

\Users\Admin\AppData\Local\Temp\713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe

Filesize
960KB

MD5
e0e0f91fb5c32d8ae07e319dbe454613

SHA1
1ceea59f9d545a642ff8141e8e0138c7da1afeb7

SHA256
51ebe8741d57886e18c6ab14e390c840f2654f00f7a58e4c228f31e48b7a1348

SHA512
bc8beac0b4e2f4133530e8b5246f06fec1f71bac720ca18fdad38f43c5182a6fdfac3ef4d026cf468d988ab93c178cd9d4574aecae80b46747cb574d8afdb1b8

Download Submit
memory/1320-10-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/1320-11-0x0000000002E30000-0x0000000002F1F000-memory.dmp

Filesize
956KB

Download
memory/1728-0-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/1728-6-0x00000000031A0000-0x000000000328F000-memory.dmp

Filesize
956KB

Download
memory/1728-8-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download