aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 14:49

Target

aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe
Size

311KB
MD5

c07ec14c221e912861c5dd0da80bc7c0
SHA1

4dd8e2982c904bc559b88190e49377ca264b80c0
SHA256

aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb
SHA512

992605bac8786a02cadfd2d87ad73019ca191df8e321471664719c09898688aac331ff9a0954d75137cfece28466d09aec779c88f4cb0832ef17af25c45a5b3d
SSDEEP

6144:XPeNbxR6U0AHWeuD5xqH/YtjPR+aGE8w5WMB35bKh+aGE:2NbxR6U0i5Y5xwwJgw5W635

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2680	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
2680	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
900	2968	WerFault.exe	80
752	2680	WerFault.exe	85
3360	2680	WerFault.exe	85

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2968	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2680	2968	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe	85
PID 2968 wrote to memory of 2680	2968	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe	85
PID 2968 wrote to memory of 2680	2968	aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe	85

C:\Users\Admin\AppData\Local\Temp\aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 396
  2⤵
  - Program crash
  PID:900
- C:\Users\Admin\AppData\Local\Temp\aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2680
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 380
    3⤵
    - Program crash
    PID:752
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 164
    3⤵
    - Program crash
    PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2968 -ip 2968
1⤵
PID:1140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2680 -ip 2680
1⤵
PID:116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2680 -ip 2680
1⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\aff9a203d0fcea08e0478a532d6645fd958d37caff85349adee72ba4d9281ffb_NeikiAnalytics.exe

Filesize
311KB

MD5
2c80defa548c8ad7f813620551c07e28

SHA1
970868f754542c21c5c35529d9409efeeb6526c6

SHA256
0bc3480ad77503e5d5b354b3f2ab063a9a4f2956a45cee8359b48778b9976bc3

SHA512
5768806d36fd30d05920409c00dcf40cadbdb4fb90f220f62d46b3d10a5e965d3b44f1dfbfbcffcde3cedec13136dda22cf8cb77d8ea64f3bc57216622275dce

Download Submit
memory/2680-8-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2680-10-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2968-0-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2968-7-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download