6cb6d8f6cf81dc1108ff0449bae6ee795eda9a7cd21f9b2796ceeea4a733e5ef

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:37

Target

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
Size

179KB
MD5

41dfddd61c9b8fd9c25e24691bc86b60
SHA1

ed1d3b6312164be5748d8bdd939c70d0e344cfd5
SHA256

6cb6d8f6cf81dc1108ff0449bae6ee795eda9a7cd21f9b2796ceeea4a733e5ef
SHA512

720ed0fc994d15e049139aebf134d3532590095eb06b366f6e49a941292a62d2d63c4d8e3c62be9f8b3234f30cb9a97ecb225e7e33647543776917a96c031f6e
SSDEEP

3072:0mQXVMAUa7wuHtqTAvRXc2R6h9QOSR114q3sQfUQndfyJO1eH328bWT:0G8HIAvFc2R6h9QJRnvc0UQnd6gsX2E

Score

7^/10

Deletes itself 1 IoCs

Processes:

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid process

2112 41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
Executes dropped EXE 1 IoCs

Processes:

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid process

2112 41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
Loads dropped DLL 1 IoCs

Processes:

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid process

2012 41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid process

2112 41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid process

2012 41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid process

2112 41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid	process
2112	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid	process
2112	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid	process
2012	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid	process
2112	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid	process
2012	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid	process
2112	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

description	pid	process	target process
PID 2012 wrote to memory of 2112	2012	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
PID 2012 wrote to memory of 2112	2012	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
PID 2012 wrote to memory of 2112	2012	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
PID 2012 wrote to memory of 2112	2012	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

Filesize
179KB

MD5
81401c08d29f36d2d7bac75f579b1427

SHA1
a889f19524636a764dd95268a99634016065c068

SHA256
2b1d75b71a8252953a5442cb0afa3faa33f74149182e234ca8df7e2ecd3eff3f

SHA512
030e4329d1c768bf85fe1cd3faff1a776d9fdb77cd04753d0c4aace02ae46b65a03ff8fd998dfa3b9d4ce80817ea218122f9bebdcf1050c9b857ad5ea052e35e

Download Submit
memory/2012-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2012-10-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2112-11-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2112-12-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2112-17-0x0000000000130000-0x0000000000165000-memory.dmp

Filesize
212KB

Download