1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 07:48

Target

1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe
Size

175KB
MD5

717e97851b24d6bb6a0ec9e51839aaa0
SHA1

b558d682772bd4723caadc6e5ff96879f80fceda
SHA256

1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996
SHA512

39d2b919beffb11e5fdbc42622b769784ace01b731f8a95d21645f01eafcffe11557ce3b7582b00a3273e876b62adeb6026ae184d45143e5963e142b351aae1f
SSDEEP

3072:JY4p58qT0zcMOUa3BN0gtqE6IOuTs0fhjXGVo1ClEsznC+rHj5:JD6qTzNUaRNLtqE6IOuw0fRXGe0lEqCg

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2232	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
2232	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe

Loads dropped DLL 1 IoCs

pid	Process
1960	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2232	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1960	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2232	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2232	1960	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe	28
PID 1960 wrote to memory of 2232	1960	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe	28
PID 1960 wrote to memory of 2232	1960	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe	28
PID 1960 wrote to memory of 2232	1960	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe

Filesize
175KB

MD5
a36e58e13248f18b154105dbb76d2c63

SHA1
f412c3e8996ca7c070e55db52da2035bb919e529

SHA256
aa0cf68ef1bdfb6d7232831111683595cf71f392f9d0657d2c969005c9b79854

SHA512
b4bae92a0af3aab89e310c5803e7227fb506248bb5af71035ea47b261263ded2e9c9f2bb0c7a048e8a8a601b4c922910090f0f552dce982e2b6f5d9d8e65de97

Download Submit
memory/1960-3-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2232-10-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2232-11-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2232-16-0x0000000000130000-0x0000000000163000-memory.dmp

Filesize
204KB

Download