e52dede55cd8e81203afe2016032aadd190a105226e7b42acf1c6c0817ac896c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 18:52

Target

0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe
Size

4.1MB
MD5

0d4c2d89176acef92a7c60fae4a14f50
SHA1

0f824f92cb26db870ee3e81f874704949679c28a
SHA256

e52dede55cd8e81203afe2016032aadd190a105226e7b42acf1c6c0817ac896c
SHA512

69d94aae305740584967ba87c21aafc67fc11861a7ef3d87810bd8712b4c2e8afe2db9e8a77193b9686b630a467a622c5a1a205e2493e1faea5c386a0f43c284
SSDEEP

24576:QTu/hCd+/1aPZSVTb+eezha/ZSbpYvxYTqD2Rkea/ZSAajJBMqAX1Ea/pSOue+l:6dC1Q6XMhgSVgCo/OgTw

Score

7^/10

Deletes itself 1 IoCs

pid	Process
3056	0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
3056	0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe

Loads dropped DLL 4 IoCs

pid	Process
3008	0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe
2588	WerFault.exe
2588	WerFault.exe
2588	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2588	3056	WerFault.exe	29

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3008	0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3056	0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 3056	3008	0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe	29
PID 3008 wrote to memory of 3056	3008	0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe	29
PID 3008 wrote to memory of 3056	3008	0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe	29
PID 3008 wrote to memory of 3056	3008	0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe	29
PID 3056 wrote to memory of 2588	3056	0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe	30
PID 3056 wrote to memory of 2588	3056	0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe	30
PID 3056 wrote to memory of 2588	3056	0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe	30
PID 3056 wrote to memory of 2588	3056	0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe	30

\Users\Admin\AppData\Local\Temp\0d4c2d89176acef92a7c60fae4a14f50_NeikiAnalytics.exe

Filesize
4.1MB

MD5
671aaf9b832cf5aae411c298bf659588

SHA1
1f1b39cd9fc13e7cd79ed44cb7f4f71911b4d407

SHA256
0a1ed9b7be71f69c6f6ebecc31eb8fc605d577ff8dffd47407cd66e3bc0d94d1

SHA512
e0f482347de57d3f9f6c41262cce29e0ede7efaa6b26d343e2fb883f16073d1ad3aca9d8e85abe51a8a9e89ab892836df5b47ef072c47739641035fc87da5642

Download Submit
memory/3008-0-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/3008-6-0x0000000003310000-0x00000000033FC000-memory.dmp

Filesize
944KB

Download
memory/3008-8-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/3056-10-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/3056-11-0x0000000002F30000-0x000000000301C000-memory.dmp

Filesize
944KB

Download