41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 01:08

Target

41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe
Size

1.9MB
MD5

8d7f2ae1fd4cb68ad3977e671c3ad3a0
SHA1

78a9a25da81877035ddbfcf93131987739d78838
SHA256

41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538
SHA512

3673aac441578124e1f89df089fcc53843e12619443112bbeda65f6a56b2487126949031532dc99cb54a906cefa2b7dced005f0b190fa2a52fa91ed8544beace
SSDEEP

24576:JMKuWz0vnWbF36tUehZEY+5cMsGNyNlyarXwe:h0vnWbF36jhZE55cMZiprXw

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe

pid process

2248 41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
agilenet

Processes:

resource yara_rule

behavioral1/memory/2248-1-0x0000000000F20000-0x0000000001100000-memory.dmp agile_net
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2228 2248 WerFault.exe 41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe

pid	process
2248	41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe

resource	yara_rule
behavioral1/memory/2248-1-0x0000000000F20000-0x0000000001100000-memory.dmp	agile_net

pid	pid_target	process	target process
2228	2248	WerFault.exe	41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe

description	pid	process	target process
PID 2248 wrote to memory of 2228	2248	41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe	WerFault.exe
PID 2248 wrote to memory of 2228	2248	41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe	WerFault.exe
PID 2248 wrote to memory of 2228	2248	41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe	WerFault.exe
PID 2248 wrote to memory of 2228	2248	41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe	WerFault.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 616
2⤵
- Program crash
PID:2228

\Users\Admin\AppData\Local\Temp\464a933c-874e-490c-ae31-008a45949341\AgileDotNetRT.dll
Filesize
136KB

MD5
54ab56509d910c969b9c287fde10026d

SHA1
b0929cd61e4428d57191b0c41ad60765236bed4c

SHA256
998b95107a40360c441b4d1211f9f2e5ea9d004017baa383ffbe1a46cf08bfd0

SHA512
b16722ac2662362d6ee37620f1ab2dcee05e0a54b49dbc8bb2d93561f35f2f09e4dd8f0bc6139d57a5424a7b76c62dafef62a7f355ea1963e7fcdce180cdd2e8

Download Submit
memory/2248-0-0x0000000073FDE000-0x0000000073FDF000-memory.dmp

Filesize
4KB

Download
memory/2248-1-0x0000000000F20000-0x0000000001100000-memory.dmp

Filesize
1.9MB

Download
memory/2248-2-0x0000000073FD0000-0x00000000746BE000-memory.dmp

Filesize
6.9MB

Download
memory/2248-9-0x0000000073700000-0x0000000073737000-memory.dmp

Filesize
220KB

Download
memory/2248-10-0x0000000073DD0000-0x0000000073E50000-memory.dmp

Filesize
512KB

Download
memory/2248-11-0x0000000073FDE000-0x0000000073FDF000-memory.dmp

Filesize
4KB

Download
memory/2248-12-0x0000000073FD0000-0x00000000746BE000-memory.dmp

Filesize
6.9MB

Download
memory/2248-13-0x0000000073700000-0x0000000073737000-memory.dmp

Filesize
220KB

Download