5f78d58b914c8de6031ce5d831de2fa928111bd7e266ad6d995cc0512c19900e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 12:21

Target

5f78d58b914c8de6031ce5d831de2fa928111bd7e266ad6d995cc0512c19900e_NeikiAnalytics.exe
Size

27KB
MD5

ccfef91aa8c75ae6786e73b67b002e10
SHA1

cca56bf65d69f4dc312891930c7c223439483005
SHA256

5f78d58b914c8de6031ce5d831de2fa928111bd7e266ad6d995cc0512c19900e
SHA512

28be17e92525555677bc0248dfb8afb6683770556faf930b285296e2eeb840daf1bab9c3c6312ca5b00ba584e8f1530279cea6998841bf557af61a48103d1ba0
SSDEEP

384:zY/Y+wePaNyb8E9VF6IYinAM+o/7hjigsbIYir/P9NfNvO:zY/p6EpYinAMxTCkYihNk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1944	1936	5f78d58b914c8de6031ce5d831de2fa928111bd7e266ad6d995cc0512c19900e_NeikiAnalytics.exe	28
PID 1936 wrote to memory of 1944	1936	5f78d58b914c8de6031ce5d831de2fa928111bd7e266ad6d995cc0512c19900e_NeikiAnalytics.exe	28
PID 1936 wrote to memory of 1944	1936	5f78d58b914c8de6031ce5d831de2fa928111bd7e266ad6d995cc0512c19900e_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\5f78d58b914c8de6031ce5d831de2fa928111bd7e266ad6d995cc0512c19900e_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5f78d58b914c8de6031ce5d831de2fa928111bd7e266ad6d995cc0512c19900e_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1936 -s 512
  2⤵
  PID:1944

memory/1936-0-0x000007FEF5693000-0x000007FEF5694000-memory.dmp

Filesize
4KB

Download
memory/1936-1-0x0000000000CE0000-0x0000000000CE8000-memory.dmp

Filesize
32KB

Download
memory/1936-2-0x000007FEF5693000-0x000007FEF5694000-memory.dmp

Filesize
4KB

Download