a3bccdf91b190dbe8f69b3138b7d430e50b644f5578d52bb99975857c1d0f995

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 02:30

Target

19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe
Size

911KB
MD5

19b74f7c61ae4fa68f1bb8fabc820bd0
SHA1

4b546f221f8d14854003be28098f51cfc88d525b
SHA256

a3bccdf91b190dbe8f69b3138b7d430e50b644f5578d52bb99975857c1d0f995
SHA512

91a8010a7c9e1d47fc7a73123427341f0e01f5c360d21db5f702be22694a34fa253ab430193da1ba02ff6cf67d69229eb4fd5c4b9fad7a0394593e3b22809c62
SSDEEP

6144:3kfjH/xT8pkGGirrU1SpKyRIc/qYcMSu4wABrxxJa/YES7W+JW:UfjH/xcpGsIq2jlDa/ZS7W+A

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1608	19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
1608	19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe

Loads dropped DLL 4 IoCs

pid	Process
1956	19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2968	1608	WerFault.exe	29

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1956	19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1608	19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 1608	1956	19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe	29
PID 1956 wrote to memory of 1608	1956	19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe	29
PID 1956 wrote to memory of 1608	1956	19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe	29
PID 1956 wrote to memory of 1608	1956	19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe	29
PID 1608 wrote to memory of 2968	1608	19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe	30
PID 1608 wrote to memory of 2968	1608	19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe	30
PID 1608 wrote to memory of 2968	1608	19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe	30
PID 1608 wrote to memory of 2968	1608	19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe	30

\Users\Admin\AppData\Local\Temp\19b74f7c61ae4fa68f1bb8fabc820bd0_NeikiAnalytics.exe

Filesize
911KB

MD5
3754758fb06ea46302f4e16f2af808d0

SHA1
4152c91bf8f36775ba64c859c6fb949a3b596a27

SHA256
93649ba9d3a4f7beada8aad6b5ab7a3a3692b3261c0247435f64d3ecfb206cd0

SHA512
7783606fa44fb9df3923a2284ef6a72962faeb0c85fda37f835ead13dd93fe25890611e851ba0b81ea5b8e86f89e449a684df6f4b1e547a89f09d9d07d49d599

Download Submit
memory/1608-10-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download
memory/1608-11-0x0000000002EF0000-0x0000000002FE0000-memory.dmp

Filesize
960KB

Download
memory/1956-0-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download
memory/1956-6-0x0000000003130000-0x0000000003220000-memory.dmp

Filesize
960KB

Download
memory/1956-9-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download