50f730a738c17f549908caf1998522dfba42ae9c3c6c0ebfdc9339159a746b6b

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 23:29

Target

57ed0965f655953951a8cc873e15c9c0_NeikiAnalytics.exe
Size

3.5MB
MD5

57ed0965f655953951a8cc873e15c9c0
SHA1

aecc892c9aadb50cf633d4a243ee11d8014e0970
SHA256

50f730a738c17f549908caf1998522dfba42ae9c3c6c0ebfdc9339159a746b6b
SHA512

561f0c88e90a9dca560af02a8069f90fde084556f874efef72bb35795aa00e2bb001ecc2e0a1a2f87d56c57a9e0cbc8e6c29e1fddc0444d7c8ea3312f1f309e0
SSDEEP

49152:gPNw3cXdxScQTBAaKGs3SwDSaETrZrytg6V2YyjRabMA1dTtOvJVPlHfFvNFi/Gu:glZAs3SaSa4I

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2592	1964	57ed0965f655953951a8cc873e15c9c0_NeikiAnalytics.exe	28
PID 1964 wrote to memory of 2592	1964	57ed0965f655953951a8cc873e15c9c0_NeikiAnalytics.exe	28
PID 1964 wrote to memory of 2592	1964	57ed0965f655953951a8cc873e15c9c0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\57ed0965f655953951a8cc873e15c9c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\57ed0965f655953951a8cc873e15c9c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1964 -s 628
  2⤵
  PID:2592

memory/1964-0-0x000007FEF54F3000-0x000007FEF54F4000-memory.dmp

Filesize
4KB

Download
memory/1964-1-0x00000000009A0000-0x0000000000D20000-memory.dmp

Filesize
3.5MB

Download
memory/1964-2-0x000007FEF54F0000-0x000007FEF5EDC000-memory.dmp

Filesize
9.9MB

Download
memory/1964-3-0x000007FEF54F3000-0x000007FEF54F4000-memory.dmp

Filesize
4KB

Download
memory/1964-4-0x000007FEF54F0000-0x000007FEF5EDC000-memory.dmp

Filesize
9.9MB

Download