aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 14:49

Target

aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe
Size

311KB
MD5

c07ec14c221e912861c5dd0da80bc7c0
SHA1

4dd8e2982c904bc559b88190e49377ca264b80c0
SHA256

aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb
SHA512

992605bac8786a02cadfd2d87ad73019ca191df8e321471664719c09898688aac331ff9a0954d75137cfece28466d09aec779c88f4cb0832ef17af25c45a5b3d
SSDEEP

6144:XPeNbxR6U0AHWeuD5xqH/YtjPR+aGE8w5WMB35bKh+aGE:2NbxR6U0i5Y5xwwJgw5W635

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2920	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
2920	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe

Loads dropped DLL 1 IoCs

pid	Process
1180	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1180	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 2920	1180	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe	29
PID 1180 wrote to memory of 2920	1180	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe	29
PID 1180 wrote to memory of 2920	1180	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe	29
PID 1180 wrote to memory of 2920	1180	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe	29

\Users\Admin\AppData\Local\Temp\aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe

Filesize
311KB

MD5
f9d7e501330d6b3c38a7b34a2dc9dc50

SHA1
eb8d4a1c2d13e395f9c0f910813dd530d693215c

SHA256
6344d75f7f313ba6a89f915a9276d8a648fff8b3a639d5a8e1b878566d3ba03d

SHA512
064dc4fb71b1261f3029eece223b2d030c3c3bc10f553fc16b7e605086a417615836753e26d6a5651b4bb14895c543dd61ae287acde085ecc9e6c0be5f210d5e

Download Submit
memory/1180-0-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1180-6-0x00000000001E0000-0x000000000023A000-memory.dmp

Filesize
360KB

Download
memory/1180-11-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1180-10-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2920-12-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2920-14-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download