7b5d62315be72f7cec8d996c051dcd10bf65d82db20c650e1e88f97873dd4975

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 02:43

Target

8a6d0fbab8524c8e07e455d1cc0bb820_NeikiAnalytics.exe
Size

59KB
MD5

8a6d0fbab8524c8e07e455d1cc0bb820
SHA1

7f9d8d530d9c308ec6da2e8928cb2116de94bcab
SHA256

7b5d62315be72f7cec8d996c051dcd10bf65d82db20c650e1e88f97873dd4975
SHA512

2bdbe249e0488afdc1db8ce997268938892c009acfde58d741d82af75227e0e815199ae5ec30ee6b6649ae03488bac91089ee526e29fd7fcad8c3752b5320b79
SSDEEP

1536:ux+ZvHB0uwOcufFf8Qvl7Nm3RfAqWqi3C4h0vdi:zYOcuf58QbmhfAGi3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1584	8a6d0fbab8524c8e07e455d1cc0bb820_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
1584	8a6d0fbab8524c8e07e455d1cc0bb820_NeikiAnalytics.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2172-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral2/files/0x000a00000002343c-11.dat	upx
behavioral2/memory/1584-13-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2172	8a6d0fbab8524c8e07e455d1cc0bb820_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2172	8a6d0fbab8524c8e07e455d1cc0bb820_NeikiAnalytics.exe
1584	8a6d0fbab8524c8e07e455d1cc0bb820_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 1584	2172	8a6d0fbab8524c8e07e455d1cc0bb820_NeikiAnalytics.exe	86
PID 2172 wrote to memory of 1584	2172	8a6d0fbab8524c8e07e455d1cc0bb820_NeikiAnalytics.exe	86
PID 2172 wrote to memory of 1584	2172	8a6d0fbab8524c8e07e455d1cc0bb820_NeikiAnalytics.exe	86

C:\Users\Admin\AppData\Local\Temp\8a6d0fbab8524c8e07e455d1cc0bb820_NeikiAnalytics.exe

Filesize
59KB

MD5
432ed9ac5ddbfdb75e271a5e79668bfd

SHA1
767a23698e4342845af8c0ae1c8765e7f630077d

SHA256
b2a83ec871c90423a122141c6682a8bfc50a7fad5ad24d047671ea0c2bb7af23

SHA512
0f3f0a3f7c3786ecce4e6170469162caa1d335a521755df7f6e18e3a7029fb7b040a0d5686a0920554bd9574380c98ede7bdab0fd8dcddb2a23355a5e8290001

Download Submit
memory/1584-13-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1584-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1584-19-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1584-25-0x00000000001D0000-0x00000000001ED000-memory.dmp

Filesize
116KB

Download
memory/1584-24-0x00000000000C0000-0x00000000000CF000-memory.dmp

Filesize
60KB

Download
memory/1584-26-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2172-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2172-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2172-6-0x00000000001B0000-0x00000000001BF000-memory.dmp

Filesize
60KB

Download
memory/2172-12-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download