89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 15:39

Target

89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9_NeikiAnalytics.exe
Size

56KB
MD5

fcec7fde7201f7743ef9a6501563d200
SHA1

8aa5253a248129f1c401b269c1e2cfbdd563be82
SHA256

89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9
SHA512

59ef43ff7ecff2a8a4bc196712fb920c6725e9e5e9c7450afe28f0a914e3958b0fe1ad55f1b76ef4f2c87e34a49bdfb8b80c2bb3337ef47b9873094fc6e2581a
SSDEEP

1536:ZFP6k/N5ga9+6xvu12zOsDy/syC5DzvR:yI5f1vu1AOMGG5J

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
292	89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
292	89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9_NeikiAnalytics.exe

Loads dropped DLL 1 IoCs

pid	Process
2424	89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9_NeikiAnalytics.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2424-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000d0000000122eb-10.dat	upx
behavioral1/memory/292-17-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/memory/2424-14-0x0000000000180000-0x00000000001BA000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2424	89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2424	89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9_NeikiAnalytics.exe
292	89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 292	2424	89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9_NeikiAnalytics.exe	29
PID 2424 wrote to memory of 292	2424	89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9_NeikiAnalytics.exe	29
PID 2424 wrote to memory of 292	2424	89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9_NeikiAnalytics.exe	29
PID 2424 wrote to memory of 292	2424	89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9_NeikiAnalytics.exe	29

\Users\Admin\AppData\Local\Temp\89366cc5057ede24f4841be5722aabe0a6b5b7747a94ace42b4524ee6f4143c9_NeikiAnalytics.exe

Filesize
56KB

MD5
ccbf6c6e5f2d0247a94e21b1dd006b6b

SHA1
7e696bdebe1c424fdf32b99e84a6424c88c868cb

SHA256
a6939d8925144e1912db3d4b3bdf6f74c33df6c6dfb1849d121b3f2719f241a9

SHA512
ba3f725099be525058c711829b20ba6478f62af29f9e5041609ca74c65d0f36bec57635f9f1a9d120831a72c60f33d9999e47d569308e0ceeca7d6f6a0475362

Download Submit
memory/292-17-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/292-18-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/292-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/292-29-0x00000000001F0000-0x000000000020B000-memory.dmp

Filesize
108KB

Download
memory/292-28-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/292-30-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2424-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2424-1-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/2424-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2424-16-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2424-14-0x0000000000180000-0x00000000001BA000-memory.dmp

Filesize
232KB

Download