c40aa2c30120a5ce0e12114405259e41110fe4b7ae6b6222ff0b417723bfb8d7

Resubmissions

13/06/2024, 09:30

03/06/2024, 05:30

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 05:30

Target

9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe
Size

184KB
MD5

9d33099df345c35a415fb6c3beeca030
SHA1

94e7fe618c505588e61b0d21728941c5bfd4a109
SHA256

c40aa2c30120a5ce0e12114405259e41110fe4b7ae6b6222ff0b417723bfb8d7
SHA512

ea48ae0c39dac3129c29df967e1d1d18ca41d4b659c2ab6c053df683abd9eb338d649f597a1c32a688af684ac42858ac3de968229044a11f2eee1987cd46019e
SSDEEP

3072:MWObxQoumVg9mdgWW2Si9alSvlnViFPnI:MWPo4gdg/iElSvlnViFP

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2072	Unicorn-65208.exe

Loads dropped DLL 9 IoCs

pid	Process
1088	9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe
1088	9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1152	2072	WerFault.exe	28
2520	1088	WerFault.exe	27

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1088	9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe
2072	Unicorn-65208.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 2072	1088	9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe	28
PID 1088 wrote to memory of 2072	1088	9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe	28
PID 1088 wrote to memory of 2072	1088	9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe	28
PID 1088 wrote to memory of 2072	1088	9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe	28
PID 2072 wrote to memory of 1152	2072	Unicorn-65208.exe	29
PID 2072 wrote to memory of 1152	2072	Unicorn-65208.exe	29
PID 2072 wrote to memory of 1152	2072	Unicorn-65208.exe	29
PID 2072 wrote to memory of 1152	2072	Unicorn-65208.exe	29
PID 1088 wrote to memory of 2520	1088	9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe	30
PID 1088 wrote to memory of 2520	1088	9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe	30
PID 1088 wrote to memory of 2520	1088	9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe	30
PID 1088 wrote to memory of 2520	1088	9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe	30

C:\Users\Admin\AppData\Local\Temp\9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9d33099df345c35a415fb6c3beeca030_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 200
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1152
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
  2⤵
  - Program crash
  PID:2520

\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe

Filesize
184KB

MD5
3263147f3c4d0d7208a3a33c2e992b75

SHA1
a502587f33c813c3aaa735089ff37d17628946ef

SHA256
bfc72e250b359db7b0d17f72568ff7cfd0b06071eafdae0286c5f5bf5c0df436

SHA512
1d8e71f7d6776cfd53874820760a57e594d27c3fc98f9121c65849b9902e7d9df5044f7ad7b45c16eb0227154243b31a8a5083a7469e4585b04a1847ffb4ae54

Download Submit