e261e199e0f447b5e0ff5c9bbfd248b01697bf0a04e00bbc0975ed0aeb3f14af

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-06-2024 21:49

Target

0174eb12d131963a335a49d4ac14e190_NeikiAnalytics.exe
Size

481KB
MD5

0174eb12d131963a335a49d4ac14e190
SHA1

3b3acfb059c62351ded7e02c91b14b0c51bb7140
SHA256

e261e199e0f447b5e0ff5c9bbfd248b01697bf0a04e00bbc0975ed0aeb3f14af
SHA512

b3462a7be0c9f031fb5707d6294fead625a3999dc10a43c691cda01856ee6b29899dc7986894953690c0e6806c8686721a6b3c8e500c9b1e8406468112479703
SSDEEP

12288:1gJJD9HstCLJDzxyc5gJJD9HstwLJDzxyAl:1A9W0FzxykA9WeFzxyk

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2696	0174eb12d131963a335a49d4ac14e190_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\0174eb12d131963a335a49d4ac14e190_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0174eb12d131963a335a49d4ac14e190_NeikiAnalytics.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2696

memory/2696-0-0x000007FEF58F3000-0x000007FEF58F4000-memory.dmp

Filesize
4KB

Download
memory/2696-1-0x0000000001130000-0x00000000011AE000-memory.dmp

Filesize
504KB

Download
memory/2696-2-0x000007FEF58F0000-0x000007FEF62DC000-memory.dmp

Filesize
9.9MB

Download
memory/2696-4-0x0000000000350000-0x000000000035A000-memory.dmp

Filesize
40KB

Download
memory/2696-3-0x0000000000350000-0x000000000035A000-memory.dmp

Filesize
40KB

Download
memory/2696-5-0x000007FEF58F0000-0x000007FEF62DC000-memory.dmp

Filesize
9.9MB

Download
memory/2696-6-0x000007FEF58F0000-0x000007FEF62DC000-memory.dmp

Filesize
9.9MB

Download