Analysis
max time kernel: 140s
max time network: 119s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 15/05/2024, 10:58
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe
Resource: win7-20240419-en
4 signatures
150 seconds
General
Target: cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe
Size: 783KB
MD5: cc3fbf3f80bfbaf5d16717b81500c860
SHA1: f2fef8ea8c34302bce93fb0be3efb7d26a12c6f4
SHA256: dd88e5d49d2c52dc1b9be99bf0f4ebc6f971cb64a4455674a4cc2a7fed0fd6a1
SHA512: 64a323d62d7fc7165c9e4534d4284d290442ecf2844b199402901b8e4ad746bb378a3309f11e2b09d506c6837ab44baea407d853dadb5149a7c4fc503eecd4f7
SSDEEP: 12288:M13ULO2oiSGUGHp2O0GnhGyv9JBrn+KNBKVaJqav+Y8vyQA5DRz:M9sO2G1gp2wUqBrn/BM61C
Score: 4/10
Malware Config
Signatures
Drops file in Program Files directory (5 IoCs)
description | ioc | Process
File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe | cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe
File opened for modification | C:\Program Files\7-Zip\7z.exe | cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe
File opened for modification | C:\Program Files\7-Zip\7zFM.exe | cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe
File opened for modification | C:\Program Files\7-Zip\7zG.exe | cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe

Program crash (1 IoCs)
pid | pid_target | Process | procid_target
2992 | 3012 | WerFault.exe | 27

Suspicious behavior: EnumeratesProcesses (1 IoCs)
pid | Process
3012 | cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 3012 wrote to memory of 2992 | 3012 | cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe | 28
PID 3012 wrote to memory of 2992 | 3012 | cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe | 28
PID 3012 wrote to memory of 2992 | 3012 | cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe | 28
PID 3012 wrote to memory of 2992 | 3012 | cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe | 28
Processes
C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\cc3fbf3f80bfbaf5d16717b81500c860_NeikiAnalytics.exe"
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID: 3012
    C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 156
    - Program crash
    PID: 2992