0eea6ad1092f9a20a7843e8b5572fe73487e053fcb168de77c9f813e6a9bb6ec

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 21:31

Target

2172a5561ad63f75a0e7c671268d50f0_NeikiAnalytics.exe
Size

41KB
MD5

2172a5561ad63f75a0e7c671268d50f0
SHA1

4bf3feb6c7c669b84759938077f32a209412da54
SHA256

0eea6ad1092f9a20a7843e8b5572fe73487e053fcb168de77c9f813e6a9bb6ec
SHA512

c3bc0e43fe8c8de733ef838ff28eb5691559dbb61d04c6450d8d7851a1d64be036e719d1a08f5ecdfab1f85a8c88dea54887ddf2f3ee21c9e26f2d46387be893
SSDEEP

768:Oxo16lkkRYgnslRZOU9ImM0+DCqQluejYP0yPvQg3CU/OjSN:Oq16lSssljOmMlLQluQEPvQWCUdN

Score

7^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1852-5-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1852-6-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1852-4-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1852-1-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral1/memory/1852-9-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 1852	1904	2172a5561ad63f75a0e7c671268d50f0_NeikiAnalytics.exe	28
PID 1904 wrote to memory of 1852	1904	2172a5561ad63f75a0e7c671268d50f0_NeikiAnalytics.exe	28
PID 1904 wrote to memory of 1852	1904	2172a5561ad63f75a0e7c671268d50f0_NeikiAnalytics.exe	28
PID 1904 wrote to memory of 1852	1904	2172a5561ad63f75a0e7c671268d50f0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\2172a5561ad63f75a0e7c671268d50f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2172a5561ad63f75a0e7c671268d50f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Users\Admin\AppData\Local\Temp\2172a5561ad63f75a0e7c671268d50f0_NeikiAnalytics.exe
  ?
  2⤵
  PID:1852

memory/1852-5-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1852-6-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1852-4-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1852-1-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1852-7-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1852-9-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/1904-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download