5f35fea0e4177159452628fa23e3856d39bc49fdc72946b666a8dc0c4e743558

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 17:31

Target

18990ab30fee23e0fc469cb02e808570_NeikiAnalytics.exe
Size

48KB
MD5

18990ab30fee23e0fc469cb02e808570
SHA1

e4b88ec3d7164c7d2ef36ad8fb1e980d8a351dee
SHA256

5f35fea0e4177159452628fa23e3856d39bc49fdc72946b666a8dc0c4e743558
SHA512

56acef20a705b3b87db08f9defbe43c8e49f11cc1801accc85cd8bea890305a14a5cfa458445948869cf0a420cc0536baba7dcd0acf04f5b5ba89e6161f82be8
SSDEEP

768:ErzO4qp+uC0LBbGZjkaR9cbBekKNyBe0mLdMDTIQ2Qz4/P:EW4q4EUqaRWAgevMPN2Qk3

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2748	rmass.exe

Loads dropped DLL 1 IoCs

pid	Process
2552	18990ab30fee23e0fc469cb02e808570_NeikiAnalytics.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\rmass.exe	18990ab30fee23e0fc469cb02e808570_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\rmass.exe	18990ab30fee23e0fc469cb02e808570_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\18990ab30fee23e0fc469cb02e808570_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\18990ab30fee23e0fc469cb02e808570_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:2552
- C:\Windows\SysWOW64\rmass.exe
  "C:\Windows\SysWOW64\rmass.exe"
  2⤵
  - Executes dropped EXE
  PID:2748

\Windows\SysWOW64\rmass.exe

Filesize
44KB

MD5
ade75b166da4f72f2bb5a5a62b413108

SHA1
155876dc1ffd1528030440333b5d5702609b2d84

SHA256
67aa5c197846633ccd2b284a73bdd511035fef81e642ea77b461f0db55be9ee0

SHA512
9eacc45c99b55b78c6312d893706edee1ec08127ac172ee5e14953e32c4191035000aae7a150efd8a870c38cc9af34cb5b524626a17289834b2e0edf484650ec

Download Submit
memory/2552-5-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download