84950f4916828dd90af86ce54cf4319777bbad24ed10fc60f24cef544a584e4a

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:44

Target

4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
Size

320KB
MD5

4f8286172fb9344af6a732bdfae3b6f0
SHA1

56d0d408443aa12b183086a9b263d9b37195cb95
SHA256

84950f4916828dd90af86ce54cf4319777bbad24ed10fc60f24cef544a584e4a
SHA512

87bd791f561a9a00c259301a9708d47af1c879cbcf2847599bf5bd4979805cd93bd63caf47a78e9492fbd0abee9fc78555e526d715cc4446f79f694970bd53cd
SSDEEP

6144:a2vfy7/6n4/pSgCi7nK6UkB53BDu0W7cyqCxSngmMBqfycuPbUl0i5j:aYyAYSgp7X53p80npM4dl0s

Score

7^/10

Deletes itself 1 IoCs

Processes:

4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

pid process

2200 4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
Executes dropped EXE 1 IoCs

Processes:

4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

pid process

2200 4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
Loads dropped DLL 1 IoCs

Processes:

4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

pid process

1992 4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

pid process

2200 4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

pid process

1992 4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

pid process

2200 4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

pid	process
2200	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

pid	process
2200	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

pid	process
1992	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

pid	process
2200	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

pid	process
1992	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

pid	process
2200	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

description	pid	process	target process
PID 1992 wrote to memory of 2200	1992	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
PID 1992 wrote to memory of 2200	1992	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
PID 1992 wrote to memory of 2200	1992	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
PID 1992 wrote to memory of 2200	1992	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe	4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
Filesize
320KB

MD5
51814a8638343da0f758a1e0c2bd207c

SHA1
d90b15e7ac457d33cc4ece91744a37ec2db0d9ad

SHA256
8ac39bb8f7ade0365cc39521637106a5f9f5d16dbec13ff390d23f87d00b1fa3

SHA512
7771b3ef5bc82a4e4daae0bd41196e27c5462ef9fc4101de4e789ccef0d8b8ba6242f9a19ea7595954b81e16789242d34a77395c89f4dec16fe54c6ecb49a60f

Download Submit
memory/1992-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1992-6-0x00000000001E0000-0x000000000021C000-memory.dmp

Filesize
240KB

Download
memory/1992-10-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2200-11-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2200-17-0x00000000002F0000-0x000000000032C000-memory.dmp

Filesize
240KB

Download
memory/2200-12-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download