48fdf8c275fb6b9d3e67c54e9f2eb6b4a5bfb5b8c5935d6b0527e4406537207d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 12:10

Target

d15981f23aafe719beb9cf67765385e0_NeikiAnalytics.exe
Size

7KB
MD5

d15981f23aafe719beb9cf67765385e0
SHA1

bc76496139c7b374d4862bbe2d09b3c15bd7b387
SHA256

48fdf8c275fb6b9d3e67c54e9f2eb6b4a5bfb5b8c5935d6b0527e4406537207d
SHA512

11418a02b9dc62ba27ccff94be395d7cd87232bd8cffb2f83e184b9687652d294f0a49f90a6682c0523a39bf06ab5f6b72c402cd444eb6f41afc33605113bb54
SSDEEP

192:wIbyTS75GIL8jAp6qOCq05D6un1iNcEHe9UFg:wsyuL8jARL5D6un1iNcEHe9UFg

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1540	1764	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 1540	1764	d15981f23aafe719beb9cf67765385e0_NeikiAnalytics.exe	28
PID 1764 wrote to memory of 1540	1764	d15981f23aafe719beb9cf67765385e0_NeikiAnalytics.exe	28
PID 1764 wrote to memory of 1540	1764	d15981f23aafe719beb9cf67765385e0_NeikiAnalytics.exe	28
PID 1764 wrote to memory of 1540	1764	d15981f23aafe719beb9cf67765385e0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\d15981f23aafe719beb9cf67765385e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d15981f23aafe719beb9cf67765385e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 36
  2⤵
  - Program crash
  PID:1540