Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 19-05-2024 23:06
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe
Resource
win7-20240221-en
2 signatures
150 seconds
General
Target: 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe
Size: 456KB
MD5: 5606b4f826ff22d16848eb8d73f54fe0
SHA1: dc91227153e3e14a43b8183b18c7d9574495a8c7
SHA256: 085e06aba394f7ab8911390519f30dcbbce71a7ea7d8ca2d48db491c8619750c
SHA512: 73567f6f32f394b8241763daa923a30b94a775b532f1902fd4cd4c5fdd16131e5392851115d335d47c28dac31478d1db30151d4a24db36e6a10c5772aa55f8f3
SSDEEP: 12288:lBgFKf1pZ9nL57QT44uYWwMXbHu0wGgFn:HgFk1pZ9VsT44uNwMXbHDwn
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
Processes:
WerFault.exe
pid | pid_target | Process | procid_target
3028 | 2916 | WerFault.exe | 27
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe
description | pid | Process | procid_target
PID 2916 wrote to memory of 3028 | 2916 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 29
PID 2916 wrote to memory of 3028 | 2916 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 29
PID 2916 wrote to memory of 3028 | 2916 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 29
PID 2916 wrote to memory of 3028 | 2916 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 29
Processes
C:\Users\Admin\AppData\Local\Temp\5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2916
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 522⤵
- Program crash
PID:3028