Overview

overview

8

Static

static

3

5e339ff294...cs.exe

windows7-x64

8

5e339ff294...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/05/2024, 14:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5e339ff29423aa4a7f7bf33125a94630_NeikiAnalytics.exe

  • Size

    205KB

  • MD5

    5e339ff29423aa4a7f7bf33125a94630

  • SHA1

    65ccf1142997173a363c3d20a62b9e29b07f7594

  • SHA256

    adccde4f434e718394ecbfd6ee4ccc6f97fd5b1920c3c235563e32eb73a44630

  • SHA512

    bc718f8ac4b7f4e006223edc12177ede37a575b7c1709a6436b6465eb594731cebd216214c814ad16a81b682ca84c82c8c7c52e6d00d87707eb55b5ad0750f69

  • SSDEEP

    3072:2+ejgWgTsDAJJRjOV2/pwb5ryT5tlDhB2IFTLFZhh2D+0caj3kyRACHfE:qjg3JJF35tlDhB2Cn9ozHfE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e339ff29423aa4a7f7bf33125a94630_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5e339ff29423aa4a7f7bf33125a94630_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    PID:652
  • C:\PROGRA~3\Mozilla\ywswmda.exe
    C:\PROGRA~3\Mozilla\ywswmda.exe -zhzkoil
    1⤵
    • Executes dropped EXE
    PID:2412
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 452
      2⤵
      • Program crash
      PID:5052
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2412 -ip 2412
    1⤵
      PID:3144

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\ProgramData\Mozilla\ywswmda.exe
            Filesize

            205KB

            MD5

            21a183e0ab514b8731e801dbf872e4f6

            SHA1

            80527b70d5530093da310712b15dd6d684cc44fa

            SHA256

            69e6133b4d15815c8b09dc5012fe5c92350610f0eea5f27ee7ff6f84af1a46b8

            SHA512

            f2f4cbada6c4ff96cd128fb9c6c6e9ce13c0a2fbb9619e71472adc3cfec22df0e187c7a8259278c79fe481bcdd2aa0fde172b3b29e587b6d55094041acd21267

            Download Submit

          • memory/652-0-0x0000000000400000-0x000000000045D000-memory.dmp

            Filesize

            372KB

            Download

          • memory/652-1-0x00000000020C0000-0x000000000211B000-memory.dmp

            Filesize

            364KB

            Download

          • memory/652-2-0x0000000000400000-0x000000000045B000-memory.dmp

            Filesize

            364KB

            Download

          • memory/652-7-0x0000000000400000-0x000000000045B000-memory.dmp

            Filesize

            364KB

            Download

          • memory/2412-6-0x0000000000400000-0x000000000045D000-memory.dmp

            Filesize

            372KB

            Download

          • memory/2412-9-0x0000000000400000-0x000000000045D000-memory.dmp

            Filesize

            372KB

            Download