e0d18b7794f562798f5b256e5106a2f79c2abc6e4e8589e4d89155bbf11db761

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 11:36

Target

b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe
Size

911KB
MD5

b56526a77d85d27fed838cf9bf21f210
SHA1

3386f855f6a1ccba230e823ffd5360e709503141
SHA256

e0d18b7794f562798f5b256e5106a2f79c2abc6e4e8589e4d89155bbf11db761
SHA512

2fbb124ee942a482cc5dba7d1b878b90dbdd14eda17a27f904e0b6945e036e271909c20b5ae411480aa9134d6c9d60cfbe854ec53591efc32111844686bff66a
SSDEEP

6144:RDH/Q+n9W0esxN595rPvoOkq9RTk8c1HOnV/i/fa4UwABrxxJa/YES7W+JW:rTBL5PvWI1k84uVqqZjlDa/ZS7W+A

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2372	b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
2372	b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe

Loads dropped DLL 4 IoCs

pid	Process
2844	b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2520	2372	WerFault.exe	29

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2844	b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2372	b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2372	2844	b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe	29
PID 2844 wrote to memory of 2372	2844	b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe	29
PID 2844 wrote to memory of 2372	2844	b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe	29
PID 2844 wrote to memory of 2372	2844	b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe	29
PID 2372 wrote to memory of 2520	2372	b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe	30
PID 2372 wrote to memory of 2520	2372	b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe	30
PID 2372 wrote to memory of 2520	2372	b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe	30
PID 2372 wrote to memory of 2520	2372	b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe	30

\Users\Admin\AppData\Local\Temp\b56526a77d85d27fed838cf9bf21f210_NeikiAnalytics.exe

Filesize
911KB

MD5
cfcf8418c3d7311aa29cf55b555e1f0c

SHA1
878ac74927f179a52d9a6df3430efad0ba8dde19

SHA256
dcf201d290a919794cb8d2c91b28531e5f17efae18b18cd43902c15411b2436f

SHA512
8fb4d21cf5892e18e33c040ce97acc010c2ba771cedf9b95c3fbb6ee7a9845bcbd68379dcc4fd51183702e5af52fa0068f333df886d9ac63cc9032c9adcc8a9e

Download Submit
memory/2372-9-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download
memory/2372-10-0x0000000003050000-0x0000000003140000-memory.dmp

Filesize
960KB

Download
memory/2844-0-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download
memory/2844-8-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download