Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-05-2024 02:46

General

  • Target

    51f28789646af41d049b694138433dc0_NeikiAnalytics.exe

  • Size

    710KB

  • MD5

    51f28789646af41d049b694138433dc0

  • SHA1

    57c4323053589025713656f1ed6cb14e7d05eb59

  • SHA256

    8c865af1a6f5285e6a3ee64421ea74a1bc18963321f2f7bd36e1a3da3ceb9d4b

  • SHA512

    24160456a2b764169b923033e3e9696b24caf3966b2f366a821c80ece051d5484747ffa78fce95fac5f2a2f3dee28082d09e2a1d2a3a6a16133791fcd96bc302

  • SSDEEP

    12288:DB1f++azZ4BENJwb/DrA8gXo9LddVNUT0PWkjQ6x67EKM6K1LQFoHLeBfo:t1f++eQGJEHco9LFqQeX6gwK5K1cmreS

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51f28789646af41d049b694138433dc0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\51f28789646af41d049b694138433dc0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2340 -s 544
      2⤵
        PID:2164

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/2340-0-0x000007FEF5B83000-0x000007FEF5B84000-memory.dmp

      Filesize

      4KB

    • memory/2340-1-0x0000000000D10000-0x0000000000D28000-memory.dmp

      Filesize

      96KB

    • memory/2340-2-0x000007FEF5B83000-0x000007FEF5B84000-memory.dmp

      Filesize

      4KB