e52a226ef7640361f2398f6bfa818c612f49e5633509d836fef113456d76b6c9

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13-06-2024 04:42

Target

5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe
Size

2.3MB
MD5

5f5b1a9f26260883ac92668db65d4a80
SHA1

811eac0ee24699805a0c16bb9f17aed62ad1c6e9
SHA256

e52a226ef7640361f2398f6bfa818c612f49e5633509d836fef113456d76b6c9
SHA512

71716c325218b697f5051fd60d0e64d4d92cb3f22aa07311a684c1bc0a9b2a14fd51e78577d5d944173c1c41c3a4182b142d13e456e8ffb30a2d7025714df4d6
SSDEEP

24576:QZSA8nZHZ9ozY6nHHXSuiw+a/ZSkJovBYLYsSwdaJ+4h99Fm+ci2a/ZSrJovBY:RA8nWzY6nHHiw+g+h7Q+F2g

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1576	5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
1576	5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe

Loads dropped DLL 4 IoCs

pid	Process
2208	5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe
2572	WerFault.exe
2572	WerFault.exe
2572	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process
2572	1576	WerFault.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2208	5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1576	5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1576	2208	5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe	29
PID 2208 wrote to memory of 1576	2208	5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe	29
PID 2208 wrote to memory of 1576	2208	5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe	29
PID 2208 wrote to memory of 1576	2208	5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe	29
PID 1576 wrote to memory of 2572	1576	5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe	30
PID 1576 wrote to memory of 2572	1576	5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe	30
PID 1576 wrote to memory of 2572	1576	5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe	30
PID 1576 wrote to memory of 2572	1576	5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe	30

C:\Users\Admin\AppData\Local\Temp\5f5b1a9f26260883ac92668db65d4a80_NeikiAnalytics.exe

Filesize
2.3MB

MD5
1bcee04dd7dd96e7554c84d6eea24414

SHA1
579847c7ce524e919b3c6f226c1751e2da170ad3

SHA256
133196c5926aba6cd0230af4a40e21ad5147e540b70b8b38ed851fa53d055b9a

SHA512
b695a6c0d2e568dd38065b1d52df365b49bad9b570b6894392e9bc0a4e7e1aa858f452d091861bca090fa5fbad014125bc73675baadfd977462a203acc5dc0d9

Download Submit
memory/1576-10-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1576-11-0x0000000002FA0000-0x000000000308D000-memory.dmp

Filesize
948KB

Download
memory/2208-0-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2208-9-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/2208-7-0x0000000003350000-0x000000000343D000-memory.dmp

Filesize
948KB

Download