4b22ac9b5f8b55317d59ea40db785712c898e0183e3d407d528914e6fc74afac

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe
Size

192KB
MD5

ad9297c96b3e7fd449cff844e955d770
SHA1

cfa192f543b6de525fc06c98ff6c3e328b3cdbc6
SHA256

4b22ac9b5f8b55317d59ea40db785712c898e0183e3d407d528914e6fc74afac
SHA512

e97b4dfd267a2e628cf3e60a495820ff02d476e0e772ced0b84b3f6c2f86ec6b42cb8bdf6eda3b2d115f734a2b4e5648df42a81fde0ecdc6fef0a5da894dd57f
SSDEEP

3072:U3gIMNOu00o71G8uySLnjN6t1si1DLoUPBt0wV8Cp0+cueGmlwo0yRzzYMK5V8Uh:U35Mn00UuXjqXoUYwZ9TsMNp21Q53BDh

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4492	ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
4492	ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
3592	3628	WerFault.exe	80
3876	4492	WerFault.exe	88
4716	4492	WerFault.exe	88
4536	4492	WerFault.exe	88
4324	4492	WerFault.exe	88
5004	4492	WerFault.exe	88
3700	4492	WerFault.exe	88

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3628	ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
4492	ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 4492	3628	ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe	88
PID 3628 wrote to memory of 4492	3628	ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe	88
PID 3628 wrote to memory of 4492	3628	ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe	88

C:\Users\Admin\AppData\Local\Temp\ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 384
  2⤵
  - Program crash
  PID:3592
- C:\Users\Admin\AppData\Local\Temp\ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4492
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 364
    3⤵
    - Program crash
    PID:3876
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 768
    3⤵
    - Program crash
    PID:4716
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 808
    3⤵
    - Program crash
    PID:4536
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 772
    3⤵
    - Program crash
    PID:4324
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 776
    3⤵
    - Program crash
    PID:5004
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 792
    3⤵
    - Program crash
    PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3628 -ip 3628
1⤵
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4492 -ip 4492
1⤵
PID:1848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4492 -ip 4492
1⤵
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4492 -ip 4492
1⤵
PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4492 -ip 4492
1⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4492 -ip 4492
1⤵
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4492 -ip 4492
1⤵
PID:2568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ad9297c96b3e7fd449cff844e955d770_NeikiAnalytics.exe

Filesize
192KB

MD5
5db4ab049cb9f75840d0eb4173f40085

SHA1
5337ca54267c99edc9c712f06110c43217a50c01

SHA256
d44333e98258051bea41359e216f7aa8c29f1309ee14dfba318815567c86e304

SHA512
4d5c91759e5dbcb803f4c55a3322b67bef9e276766512a954a741d10899b76773fd978bba519e37058a76aa8cf10b8f860d29f6ade4ca672d71773bc4cafe547

Download Submit
memory/3628-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/3628-6-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4492-7-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4492-8-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4492-13-0x00000000014C0000-0x00000000014FC000-memory.dmp

Filesize
240KB

Download