41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538

Analysis

max time kernel
134s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 01:08

Target

41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe
Size

1.9MB
MD5

8d7f2ae1fd4cb68ad3977e671c3ad3a0
SHA1

78a9a25da81877035ddbfcf93131987739d78838
SHA256

41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538
SHA512

3673aac441578124e1f89df089fcc53843e12619443112bbeda65f6a56b2487126949031532dc99cb54a906cefa2b7dced005f0b190fa2a52fa91ed8544beace
SSDEEP

24576:JMKuWz0vnWbF36tUehZEY+5cMsGNyNlyarXwe:h0vnWbF36jhZE55cMZiprXw

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe

pid process

3940 41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
agilenet

Processes:

resource yara_rule

behavioral2/memory/3940-1-0x00000000006A0000-0x0000000000880000-memory.dmp agile_net
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4336 3940 WerFault.exe 41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe

pid	process
3940	41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe

resource	yara_rule
behavioral2/memory/3940-1-0x00000000006A0000-0x0000000000880000-memory.dmp	agile_net

pid	pid_target	process	target process
4336	3940	WerFault.exe	41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\41775fe48e934c36796432a83b790dfc48511b816f2a67bdecb63762bc3e7538_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 952
2⤵
- Program crash
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3940 -ip 3940
1⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\464a933c-874e-490c-ae31-008a45949341\AgileDotNetRT.dll
Filesize
136KB

MD5
54ab56509d910c969b9c287fde10026d

SHA1
b0929cd61e4428d57191b0c41ad60765236bed4c

SHA256
998b95107a40360c441b4d1211f9f2e5ea9d004017baa383ffbe1a46cf08bfd0

SHA512
b16722ac2662362d6ee37620f1ab2dcee05e0a54b49dbc8bb2d93561f35f2f09e4dd8f0bc6139d57a5424a7b76c62dafef62a7f355ea1963e7fcdce180cdd2e8

Download Submit
memory/3940-0-0x000000007492E000-0x000000007492F000-memory.dmp

Filesize
4KB

Download
memory/3940-1-0x00000000006A0000-0x0000000000880000-memory.dmp

Filesize
1.9MB

Download
memory/3940-2-0x0000000074920000-0x00000000750D0000-memory.dmp

Filesize
7.7MB

Download
memory/3940-3-0x00000000054F0000-0x0000000005844000-memory.dmp

Filesize
3.3MB

Download
memory/3940-11-0x0000000073330000-0x00000000733B9000-memory.dmp

Filesize
548KB

Download
memory/3940-12-0x000000006F620000-0x000000006F657000-memory.dmp

Filesize
220KB

Download
memory/3940-13-0x0000000074920000-0x00000000750D0000-memory.dmp

Filesize
7.7MB

Download
memory/3940-14-0x000000006F620000-0x000000006F657000-memory.dmp

Filesize
220KB

Download