92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 10:14

Target

92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe
Size

320KB
MD5

df2b790819600e489ff78bfd3d4f13e0
SHA1

39bce8c392a3468d58361ea5d26aef0f514fbb31
SHA256

92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a
SHA512

d7974771b9dfaeb1a7c66b9f6b1631eca1ecb7559c8b087d91964560b8e7e879b510b48d3ba65bf863f699797b75e1eafae2c09648d70ee6c9f26d2b57e268cb
SSDEEP

6144:Upe5ZXiOccpgl4mNIDEqZK0W7cyqCxSngmMBqfycuPbUl0i5w:UpMyOaumwEqZQ0npM4dl0b

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2200	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
2200	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe

Loads dropped DLL 1 IoCs

pid	Process
2940	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2200	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2940	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2200	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2200	2940	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe	28
PID 2940 wrote to memory of 2200	2940	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe	28
PID 2940 wrote to memory of 2200	2940	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe	28
PID 2940 wrote to memory of 2200	2940	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe	28

\Users\Admin\AppData\Local\Temp\92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe

Filesize
320KB

MD5
f69e398a1e1b8f37621838f4a88a0fd1

SHA1
25b2568238758e5e3a932ff53504f6969250d2a8

SHA256
64467751ca61ab458587dba068196b1e11d4c828ea7346e37db66054aa581da7

SHA512
4375b116ac023043a538eb05374afe181687ce5f2e3f8b36818c6708d0221df9b6572556e2c4c12f9eab7b2c5d66146e86d4a5ef55c2d8d2ca62311c62c9038b

Download Submit
memory/2200-12-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2200-13-0x0000000000130000-0x0000000000168000-memory.dmp

Filesize
224KB

Download
memory/2200-14-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2940-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2940-10-0x00000000002B0000-0x00000000002E8000-memory.dmp

Filesize
224KB

Download
memory/2940-9-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download