Overview

overview

7

Static

static

3

713c4baea8...cs.exe

windows7-x64

7

713c4baea8...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-05-2024 05:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe

  • Size

    960KB

  • MD5

    713c4baea8bc9b49105792190c349a80

  • SHA1

    0c14ab0c1dbd04d8f84f7883602f83bd4f099bf9

  • SHA256

    f9918f331d7c5bbeb3685f86a21c25a356f5fa727ef512c820103594cd68f4eb

  • SHA512

    0f99043a6cd13f7c342fa27f510a28667e38b675ab46b831b66c73fa86f074f9aff5100a511105747f565536ef46361ec0d14b7d0f1c2da229d003ff9edde870

  • SSDEEP

    6144:srX3hS0bJjtxn+oHcFIfHZVc+Rm6yxAjuHKTSwABrxxJa/YESt4mvpeBD0LciHZ:srg0b5+oG0Hyx2SjlDa/ZSt4mv+ni5

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:5064
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 316
      2⤵
      • Program crash
      PID:3340
    • C:\Users\Admin\AppData\Local\Temp\713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2876
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 344
        3⤵
        • Program crash
        PID:4708
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 360
        3⤵
        • Program crash
        PID:544
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5064 -ip 5064
    1⤵
      PID:1696
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2876 -ip 2876
      1⤵
        PID:2976
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2876 -ip 2876
        1⤵
          PID:4968

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\713c4baea8bc9b49105792190c349a80_NeikiAnalytics.exe
          Filesize

          960KB

          MD5

          a046c4daa63655a4bab6721974c2198b

          SHA1

          39cbdb7360659bddd37744570b637ff8a17c7c72

          SHA256

          37a66ecf1ecbf03e816479a7f824f7a16f425167227f8008d80e1bb42e8c73bc

          SHA512

          6cc0d80aeff0e373e9d0c0a1a17843e971cf4cb6ce9e0c08ce4c873f1fb0fefe6cd5914fb5f4904cac55eac23f6edcfd144c2e1491c50223c4496672ce31ffa8

          Download Submit

        • memory/2876-7-0x0000000000400000-0x00000000004EF000-memory.dmp

          Filesize

          956KB

          Download

        • memory/2876-8-0x0000000005010000-0x00000000050FF000-memory.dmp

          Filesize

          956KB

          Download

        • memory/2876-9-0x0000000000400000-0x00000000004A3000-memory.dmp

          Filesize

          652KB

          Download

        • memory/5064-0-0x0000000000400000-0x00000000004EF000-memory.dmp

          Filesize

          956KB

          Download

        • memory/5064-6-0x0000000000400000-0x00000000004EF000-memory.dmp

          Filesize

          956KB

          Download