5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27-06-2024 06:40

Target

5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220_NeikiAnalytics.exe
Size

416KB
MD5

1d0efa35f78025a17cddd4a5c47fcd50
SHA1

00d9f33efefd6b011bd40d2cfe95dc2d693e52c0
SHA256

5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220
SHA512

404e88c993d33ff0e0abaf2f8e542c3aff5350947a9eae96efdaea30f6bb2c77fbf74b3d6476594c9bb853fc3602f76db0dd9f3e929b97716f2cf05abf8d7957
SSDEEP

6144:XE+3+8N6LE7ASgT79H0W7cyqCxSngmMBqfycuPbUl0i5cD5J6KE:XZ1AdT7j0npM4dl0v5JdE

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2980	5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
2980	5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220_NeikiAnalytics.exe

Loads dropped DLL 1 IoCs

pid	Process
1832	5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220_NeikiAnalytics.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2980	5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220_NeikiAnalytics.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1832	5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2980	5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 2980	1832	5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220_NeikiAnalytics.exe	28
PID 1832 wrote to memory of 2980	1832	5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220_NeikiAnalytics.exe	28
PID 1832 wrote to memory of 2980	1832	5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220_NeikiAnalytics.exe	28
PID 1832 wrote to memory of 2980	1832	5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220_NeikiAnalytics.exe	28

\Users\Admin\AppData\Local\Temp\5defb703ce3d44970eacc21fe1e4159f5d55e1e3ea15330de09337d83e9bb220_NeikiAnalytics.exe

Filesize
416KB

MD5
71b63ac726baeeb7cf74b5b96446a673

SHA1
c4c8d86bfec2c7a4791ae24908402d3efb99b76c

SHA256
7289bdccac25b7d06b465737b3e598007f8f1991f0d2853e4927377878b26984

SHA512
faa8bbaeae680ed37546c8327648916e63b7dc75a8326972a086b9fa1cb475518feab9ae235f7d94e7cc3a4dd7259b82f5337634caed6041bb91c542e5f89657

Download Submit
memory/1832-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1832-8-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2980-10-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2980-16-0x0000000000130000-0x0000000000171000-memory.dmp

Filesize
260KB

Download
memory/2980-11-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download