1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 22:11

Target

1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5_NeikiAnalytics.exe
Size

203KB
MD5

8e33d7465eb655572089a24f5b002d00
SHA1

dcd0153971d4d52f9d33e7fb848b3faab4ea8f3a
SHA256

1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5
SHA512

f214e4c449631dc60110bcf09f57eaa6cb4e0519c5c192a5f7e4ddc13c6ba0b15799f1eafb03bb6e941127a7e1a4277609c37155876af53cc656e2f4dbc6ef56
SSDEEP

6144:SeKZO+yn1c2pYAQxfltLL1dvyeYOWMBBVMWDaABkr+G1B78:MZO7ONAQxNtLxd9V9rBkr+G1BA

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1808	1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
1808	1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5_NeikiAnalytics.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2252	4620	WerFault.exe	79
2476	1808	WerFault.exe	84

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4620	1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1808	1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 1808	4620	1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5_NeikiAnalytics.exe	84
PID 4620 wrote to memory of 1808	4620	1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5_NeikiAnalytics.exe	84
PID 4620 wrote to memory of 1808	4620	1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5_NeikiAnalytics.exe	84

C:\Users\Admin\AppData\Local\Temp\1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 396
  2⤵
  - Program crash
  PID:2252
- C:\Users\Admin\AppData\Local\Temp\1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1808
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 364
    3⤵
    - Program crash
    PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4620 -ip 4620
1⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1808 -ip 1808
1⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\1e0e606718e3632ea3a077fbe1f5f4130b0c0f5a992eccd7ab9f8d488ea07bb5_NeikiAnalytics.exe

Filesize
203KB

MD5
fafcd597d2235e5a222833e1527e9fba

SHA1
9c1657df1ae500eb43ddb2efbc8d69e7f9a21c14

SHA256
e231abea6745ab5bd8829a43fd455609e2c9f7deb5303cce662f84374f0297e7

SHA512
5c1f54f1c36dbcff9c8fd4f71e3e30760645cc547a8eaa99a1ac4e5d403fcf52f028cb088ca7ebcb7e16118d22524f3381373448cf1b35459cf577ce95dc3187

Download Submit
memory/1808-7-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1808-13-0x00000000014A0000-0x00000000014DF000-memory.dmp

Filesize
252KB

Download
memory/1808-8-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4620-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4620-6-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download