7a77b9bcc3f66e99c3456b9874cdb6de3bcecb069eca984a0e1ec75b916977e6

Analysis

max time kernel
144s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

762d4f85a4e1bf2c2c785952b7325c60_NeikiAnalytics.exe
Size

256KB
MD5

762d4f85a4e1bf2c2c785952b7325c60
SHA1

236d33531e849d0d052d0dd551cec875c6610102
SHA256

7a77b9bcc3f66e99c3456b9874cdb6de3bcecb069eca984a0e1ec75b916977e6
SHA512

35c46f0f491577e4c4f504919e72f5fc435919a5e4c05890618152c4bf6095a60331dde85192d1486d6657467269997096973dccc296778af0a24093073f7d42
SSDEEP

6144:/sqoLza8Y5ISXAOeEkMh6jTFRbf0eN0W7cyqCxSn1:/sqonu5ISXSBMh6XFRbf0ez0n1

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4488	762d4f85a4e1bf2c2c785952b7325c60_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
4488	762d4f85a4e1bf2c2c785952b7325c60_NeikiAnalytics.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
1408	4544	WerFault.exe	80
1920	4488	WerFault.exe	87
2836	4488	WerFault.exe	87
3620	4488	WerFault.exe	87
1872	4488	WerFault.exe	87
2196	4488	WerFault.exe	87
2936	4488	WerFault.exe	87

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4544	762d4f85a4e1bf2c2c785952b7325c60_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
4488	762d4f85a4e1bf2c2c785952b7325c60_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 4488	4544	762d4f85a4e1bf2c2c785952b7325c60_NeikiAnalytics.exe	87
PID 4544 wrote to memory of 4488	4544	762d4f85a4e1bf2c2c785952b7325c60_NeikiAnalytics.exe	87
PID 4544 wrote to memory of 4488	4544	762d4f85a4e1bf2c2c785952b7325c60_NeikiAnalytics.exe	87

C:\Users\Admin\AppData\Local\Temp\762d4f85a4e1bf2c2c785952b7325c60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\762d4f85a4e1bf2c2c785952b7325c60_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 384
  2⤵
  - Program crash
  PID:1408
- C:\Users\Admin\AppData\Local\Temp\762d4f85a4e1bf2c2c785952b7325c60_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\762d4f85a4e1bf2c2c785952b7325c60_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4488
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 352
    3⤵
    - Program crash
    PID:1920
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 768
    3⤵
    - Program crash
    PID:2836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 772
    3⤵
    - Program crash
    PID:3620
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 776
    3⤵
    - Program crash
    PID:1872
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 760
    3⤵
    - Program crash
    PID:2196
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 768
    3⤵
    - Program crash
    PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4544 -ip 4544
1⤵
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4488 -ip 4488
1⤵
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4488 -ip 4488
1⤵
PID:452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 4488 -ip 4488
1⤵
PID:2308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4488 -ip 4488
1⤵
PID:1428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4488 -ip 4488
1⤵
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4488 -ip 4488
1⤵
PID:3248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\762d4f85a4e1bf2c2c785952b7325c60_NeikiAnalytics.exe

Filesize
256KB

MD5
4a3705baaae8cf5060f741a42b9476da

SHA1
c801ae7531f1dd72f56760e7f452df17d08fe7a5

SHA256
cf63b2f4910c6327ea998930e6117fa04e639d6328fd84799864d5762eca8ef0

SHA512
5ec7ed107f9eb09acca509b5302e6d50600424ae91b9b01967ba68b9f3b415f2e8a5353096270f3304d1a56d7b6b6dcd81c3049317e999ccbaf63337b78e5663

Download Submit
memory/4488-7-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4488-8-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4488-13-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/4544-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4544-6-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download