3443ed78168b080792528ed58e5f96871f2714d9f6bed6fa0a560d6ddcdb6189

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 04:08

Target

3443ed78168b080792528ed58e5f96871f2714d9f6bed6fa0a560d6ddcdb6189_NeikiAnalytics.exe
Size

202KB
MD5

b224015bf1cb0b8ed40275b6ad675d30
SHA1

7c3a9bd5a91e21e923ca9243de41abdde35d2ca4
SHA256

3443ed78168b080792528ed58e5f96871f2714d9f6bed6fa0a560d6ddcdb6189
SHA512

1c9d87fbffdac4ebb7abd7bc51f7ec604af2536c5313c0da84c3931cbb629970af70ba5d258138a2fc8999199a33a999662f84d75835c43c702217ad8f35c48e
SSDEEP

6144:Ip18o0RZUeBjGxtW0xakOw6dQuJxpUfqIErP:E1UeAV0HOwkQXfLErP

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1908	3443ed78168b080792528ed58e5f96871f2714d9f6bed6fa0a560d6ddcdb6189_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
1908	3443ed78168b080792528ed58e5f96871f2714d9f6bed6fa0a560d6ddcdb6189_NeikiAnalytics.exe

Loads dropped DLL 1 IoCs

pid	Process
2956	3443ed78168b080792528ed58e5f96871f2714d9f6bed6fa0a560d6ddcdb6189_NeikiAnalytics.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2956	3443ed78168b080792528ed58e5f96871f2714d9f6bed6fa0a560d6ddcdb6189_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
1908	3443ed78168b080792528ed58e5f96871f2714d9f6bed6fa0a560d6ddcdb6189_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 1908	2956	3443ed78168b080792528ed58e5f96871f2714d9f6bed6fa0a560d6ddcdb6189_NeikiAnalytics.exe	29
PID 2956 wrote to memory of 1908	2956	3443ed78168b080792528ed58e5f96871f2714d9f6bed6fa0a560d6ddcdb6189_NeikiAnalytics.exe	29
PID 2956 wrote to memory of 1908	2956	3443ed78168b080792528ed58e5f96871f2714d9f6bed6fa0a560d6ddcdb6189_NeikiAnalytics.exe	29
PID 2956 wrote to memory of 1908	2956	3443ed78168b080792528ed58e5f96871f2714d9f6bed6fa0a560d6ddcdb6189_NeikiAnalytics.exe	29

\Users\Admin\AppData\Local\Temp\3443ed78168b080792528ed58e5f96871f2714d9f6bed6fa0a560d6ddcdb6189_NeikiAnalytics.exe

Filesize
202KB

MD5
5b26eaeafe40c264b804a61464886f58

SHA1
abb7da8961f6069a9d22cc3367eab20a3cd1c7b1

SHA256
10800d74d19aa73279a331ea45ab83285cd28384b4bdac0db7634f2e58dabd10

SHA512
af96a2c29b46bb43114a4e33723574c8bc2c5174dfaa51add3fd6669c5512855d885bec2e51cfa150ac5796a818f717d6e2119ffda30cf8f34f80faa45442142

Download Submit
memory/1908-9-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1908-11-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1908-16-0x0000000000130000-0x000000000016E000-memory.dmp

Filesize
248KB

Download
memory/1908-17-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2956-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2956-10-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download