9497a0b106c1d669cc6cf44808a90f3edea0f41c14dbac68b13fbb37cdaa7c5e

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 09:51

Target

e80f2a6c6b825a709d6af0cb4011cd40_NeikiAnalytics.exe
Size

393KB
MD5

e80f2a6c6b825a709d6af0cb4011cd40
SHA1

adaaa7e3ebffd10ae99a748ec3b5f8bde9f902aa
SHA256

9497a0b106c1d669cc6cf44808a90f3edea0f41c14dbac68b13fbb37cdaa7c5e
SHA512

1e42f02aae9b717d59dcc75296fdb5a60d7b0161c4466c9983408406ba8f914070aa4e51722ca87fa0933d20510e15bb3e2a3624c10683d709842c786249c9be
SSDEEP

6144:3nMfIq+XLROUxHXGmUReIyZyCcgHuV4OAO+to7s:3MgZXNOUBXXRTO5t+qs

Score

7^/10

upx

Executes dropped EXE 1 IoCs

pid	Process
3856	e80f2a6c6b825a709d6af0cb4011cd40_NeikiAnalytics.exe.back

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4508-0-0x0000000000CD0000-0x0000000000D35000-memory.dmp	upx
behavioral2/files/0x000700000002328e-4.dat	upx
behavioral2/memory/4508-5-0x0000000000CD0000-0x0000000000D35000-memory.dmp	upx
behavioral2/memory/3856-7-0x00000000003E0000-0x0000000000445000-memory.dmp	upx
behavioral2/memory/3856-8-0x00000000003E0000-0x0000000000445000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 3856	4508	e80f2a6c6b825a709d6af0cb4011cd40_NeikiAnalytics.exe	83
PID 4508 wrote to memory of 3856	4508	e80f2a6c6b825a709d6af0cb4011cd40_NeikiAnalytics.exe	83
PID 4508 wrote to memory of 3856	4508	e80f2a6c6b825a709d6af0cb4011cd40_NeikiAnalytics.exe	83

C:\Users\Admin\AppData\Local\Temp\e80f2a6c6b825a709d6af0cb4011cd40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\e80f2a6c6b825a709d6af0cb4011cd40_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Users\Admin\AppData\Local\Temp\e80f2a6c6b825a709d6af0cb4011cd40_NeikiAnalytics.exe.back
  "C:\Users\Admin\AppData\Local\Temp\e80f2a6c6b825a709d6af0cb4011cd40_NeikiAnalytics.exe.back"
  2⤵
  - Executes dropped EXE
  PID:3856

C:\Users\Admin\AppData\Local\Temp\e80f2a6c6b825a709d6af0cb4011cd40_NeikiAnalytics.exe.back

Filesize
393KB

MD5
02156797da0c069b328ecb1937726330

SHA1
d9efa235557d00d609cd9d4cda5277d09fa88d6c

SHA256
b676ac84c63b41cb14cb748c61f72d43fda12471163668eb0a2ea7c984bac217

SHA512
ae025cb6fab4436b94627f7cfdcede3b13c1f08d7f83b321cbd6143b6dd24cf002e8dface592c29c7faf529c1423dc99e34f542e9c77462b5e0d2ec3ca79dab9

Download Submit
memory/3856-7-0x00000000003E0000-0x0000000000445000-memory.dmp

Filesize
404KB

Download
memory/3856-8-0x00000000003E0000-0x0000000000445000-memory.dmp

Filesize
404KB

Download
memory/4508-0-0x0000000000CD0000-0x0000000000D35000-memory.dmp

Filesize
404KB

Download
memory/4508-5-0x0000000000CD0000-0x0000000000D35000-memory.dmp

Filesize
404KB

Download