8b3d02bc673fe2566852a6320ec4bc31ee0891baa580ebd44fc48d3835d62ae6

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:05

Target

5e654f5b76bafaff2451767e0e6fb9f0_NeikiAnalytics.exe
Size

24KB
MD5

5e654f5b76bafaff2451767e0e6fb9f0
SHA1

29a74d124c365ecafc1402d3c54a881c6b43cbbe
SHA256

8b3d02bc673fe2566852a6320ec4bc31ee0891baa580ebd44fc48d3835d62ae6
SHA512

9362b871455430e7994623fdb618ec47ef223184ed9759c35557b7d07ff6d640a1abe43a64ac2ad1449b71343f347f1f1d395dd73b78a621910f3f8621d3d117
SSDEEP

192:UAJYlyiw+k97beJagxwJhNL7Hk7EXUsl0owRPeOR5vxi0H/ZEvUBvi10HN:UVle/RtkK4PeOR5g0H/ZEf0t

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

dw20.exe

pid process

2036 dw20.exe

pid	process
2036	dw20.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

5e654f5b76bafaff2451767e0e6fb9f0_NeikiAnalytics.exe

description	pid	process	target process
PID 2980 wrote to memory of 2036	2980	5e654f5b76bafaff2451767e0e6fb9f0_NeikiAnalytics.exe	dw20.exe
PID 2980 wrote to memory of 2036	2980	5e654f5b76bafaff2451767e0e6fb9f0_NeikiAnalytics.exe	dw20.exe
PID 2980 wrote to memory of 2036	2980	5e654f5b76bafaff2451767e0e6fb9f0_NeikiAnalytics.exe	dw20.exe
PID 2980 wrote to memory of 2036	2980	5e654f5b76bafaff2451767e0e6fb9f0_NeikiAnalytics.exe	dw20.exe

C:\Users\Admin\AppData\Local\Temp\5e654f5b76bafaff2451767e0e6fb9f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5e654f5b76bafaff2451767e0e6fb9f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2980

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 392
2⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2036

memory/2036-3-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

Filesize
4KB

Download
memory/2980-0-0x0000000074CD1000-0x0000000074CD2000-memory.dmp

Filesize
4KB

Download
memory/2980-1-0x0000000074CD0000-0x000000007527B000-memory.dmp

Filesize
5.7MB

Download
memory/2980-2-0x0000000074CD0000-0x000000007527B000-memory.dmp

Filesize
5.7MB

Download
memory/2980-4-0x0000000074CD0000-0x000000007527B000-memory.dmp

Filesize
5.7MB

Download