6cb6d8f6cf81dc1108ff0449bae6ee795eda9a7cd21f9b2796ceeea4a733e5ef

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:37

Target

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
Size

179KB
MD5

41dfddd61c9b8fd9c25e24691bc86b60
SHA1

ed1d3b6312164be5748d8bdd939c70d0e344cfd5
SHA256

6cb6d8f6cf81dc1108ff0449bae6ee795eda9a7cd21f9b2796ceeea4a733e5ef
SHA512

720ed0fc994d15e049139aebf134d3532590095eb06b366f6e49a941292a62d2d63c4d8e3c62be9f8b3234f30cb9a97ecb225e7e33647543776917a96c031f6e
SSDEEP

3072:0mQXVMAUa7wuHtqTAvRXc2R6h9QOSR114q3sQfUQndfyJO1eH328bWT:0G8HIAvFc2R6h9QJRnvc0UQnd6gsX2E

Score

7^/10

Deletes itself 1 IoCs

Processes:

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid process

1940 41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
Executes dropped EXE 1 IoCs

Processes:

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid process

1940 41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid	process
1940	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid	process
1940	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

Program crash 7 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
3760	1324	WerFault.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
4536	1940	WerFault.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
4628	1940	WerFault.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
404	1940	WerFault.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
3084	1940	WerFault.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
4448	1940	WerFault.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
5068	1940	WerFault.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

Suspicious behavior: RenamesItself 1 IoCs

Processes:

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid process

1324 41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid process

1940 41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid	process
1324	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

pid	process
1940	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

description	pid	process	target process
PID 1324 wrote to memory of 1940	1324	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
PID 1324 wrote to memory of 1940	1324	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
PID 1324 wrote to memory of 1940	1324	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe	41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 384
  2⤵
  - Program crash
  PID:3760
- C:\Users\Admin\AppData\Local\Temp\41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1940
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 356
    3⤵
    - Program crash
    PID:4536
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 768
    3⤵
    - Program crash
    PID:4628
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 788
    3⤵
    - Program crash
    PID:404
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 808
    3⤵
    - Program crash
    PID:3084
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 776
    3⤵
    - Program crash
    PID:4448
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 816
    3⤵
    - Program crash
    PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1324 -ip 1324
1⤵
PID:220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1940 -ip 1940
1⤵
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1940 -ip 1940
1⤵
PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1940 -ip 1940
1⤵
PID:1568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1940 -ip 1940
1⤵
PID:440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1940 -ip 1940
1⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1940 -ip 1940
1⤵
PID:1328

C:\Users\Admin\AppData\Local\Temp\41dfddd61c9b8fd9c25e24691bc86b60_NeikiAnalytics.exe

Filesize
179KB

MD5
695844ded39c5759c04202e88728d248

SHA1
6ab36383a6fe51df31dabd3ce767a6fb4b0366f5

SHA256
11c2fa0c419de17982ea8536d5acace973e977a5aab1f25daf8cf904adac044e

SHA512
47cc88d84706b0fcdedea996416867d0104e5cb2a208b39aea8644e02fdecb94e5ce848bd5ae5953bbe59a5b566036c39065802c1a18cd2055b9c993aac593e1

Download Submit
memory/1324-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1324-7-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1940-8-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1940-9-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1940-14-0x00000000001C0000-0x00000000001F5000-memory.dmp

Filesize
212KB

Download