7edd94b53216fd0d45d02404437bd7b004f85378d1a8669ce03e5828a483aca2

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:02

Target

5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe
Size

192KB
MD5

5ddbe3e4e4fcc8163a8147daba347190
SHA1

3d4f5abbbbfb5504c77583a53ccc330c87614701
SHA256

7edd94b53216fd0d45d02404437bd7b004f85378d1a8669ce03e5828a483aca2
SHA512

2b5c892b77de8e4e95e503ed4e6cafd50912e6e8b26d61bb5e373b16886aacda538a1867eaa3e9edf4f956e46a617fab9202e14df6504d9431555d9a7ca91196
SSDEEP

3072:D3jY5KTnhnQDlZ2iPTzf+pmGVjymkJ6xqv1/Zi0Jj9mQVONt7Vuh67:D3k5KThnQXx7r+pmGdNM6xqv/i8L4N2S

Score

7^/10

Deletes itself 1 IoCs

Processes:

5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

pid process

1956 5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe
Executes dropped EXE 1 IoCs

Processes:

5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

pid process

1956 5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe
Loads dropped DLL 1 IoCs

Processes:

5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

pid process

1752 5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

pid process

1752 5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

pid process

1956 5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

pid	process
1956	5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

pid	process
1956	5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

pid	process
1752	5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

pid	process
1752	5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

pid	process
1956	5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

description	pid	process	target process
PID 1752 wrote to memory of 1956	1752	5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe	5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe
PID 1752 wrote to memory of 1956	1752	5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe	5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe
PID 1752 wrote to memory of 1956	1752	5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe	5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe
PID 1752 wrote to memory of 1956	1752	5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe	5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

\Users\Admin\AppData\Local\Temp\5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

Filesize
192KB

MD5
6edcb7e09a80d61f02aab01042a95c38

SHA1
6ef07869fbbfe674b76c4ef677f91d0d816a54cd

SHA256
0f12a57e333504e03cac440883328fc267f3f8aceba10231860a9446d25cf267

SHA512
0f7f575130c9613943cc712865c858232de2027a085242690f1524c1d08bf2136f6069eda2dc12cc0a72a5de22165c0e56364a511ced22c629d5554bfa84a143

Download Submit
memory/1752-0-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1752-9-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1956-11-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1956-12-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1956-17-0x00000000002A0000-0x00000000002D7000-memory.dmp

Filesize
220KB

Download