Analysis

  • max time kernel
    144s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-05-2024 04:02

General

  • Target

    6cdc7b35e19481c2cdd4b0dedc6c1ef0_NeikiAnalytics.exe

  • Size

    160KB

  • MD5

    6cdc7b35e19481c2cdd4b0dedc6c1ef0

  • SHA1

    d6dafbb35d3ebe03544a50b9491b6d3e342c1e95

  • SHA256

    71ff992303a0f8cc61ba1cce1d28c14c2297cc7a1d1a8ca9ac23c8d25d7ad075

  • SHA512

    b7f9316b6b114b5cb5dd7e31a509cbf0cb1a80785061a9136b072c9499bd8a3ed3a80030dd57e4638ae36d26f3acf21c0afd988ee5cf46aeb6195647fe103722

  • SSDEEP

    1536:nH1k7kZccmK9OM1q6wY/6nBRiOW+bUciXDyeAvX0J7M6QG9wIa42U6q:HYM3ERQoem9G9wltu

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
    PID:2828
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      PID:3432
      • C:\Users\Admin\AppData\Local\Temp\6cdc7b35e19481c2cdd4b0dedc6c1ef0_NeikiAnalytics.exe
        "C:\Users\Admin\AppData\Local\Temp\6cdc7b35e19481c2cdd4b0dedc6c1ef0_NeikiAnalytics.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2692
        • C:\Windows\SysWOW64\winver.exe
          winver
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:1992
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 636
            4⤵
            • Program crash
            PID:452
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1992 -ip 1992
      1⤵
      PID:1996
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4084,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4008 /prefetch:8
        1⤵
        PID:2372

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1992-13-0x00007FFC24F70000-0x00007FFC25165000-memory.dmp
    Filesize: 2.0MB
  • memory/1992-20-0x00007FFC24F70000-0x00007FFC25165000-memory.dmp
    Filesize: 2.0MB
  • memory/1992-18-0x0000000000BD0000-0x0000000000BD7000-memory.dmp
    Filesize: 28KB
  • memory/1992-10-0x0000000077D22000-0x0000000077D23000-memory.dmp
    Filesize: 4KB
  • memory/1992-9-0x0000000000BD0000-0x0000000000BD7000-memory.dmp
    Filesize: 28KB
  • memory/2692-15-0x0000000000400000-0x0000000000404A00-memory.dmp
    Filesize: 18KB
  • memory/2692-1-0x0000000000410000-0x0000000000413000-memory.dmp
    Filesize: 12KB
  • memory/2692-2-0x0000000000400000-0x0000000000405000-memory.dmp
    Filesize: 20KB
  • memory/2692-7-0x0000000000400000-0x000000000046F000-memory.dmp
    Filesize: 444KB
  • memory/2692-0-0x0000000000400000-0x000000000046F000-memory.dmp
    Filesize: 444KB
  • memory/2692-8-0x0000000000400000-0x000000000046F000-memory.dmp
    Filesize: 444KB
  • memory/2828-16-0x00000000008A0000-0x00000000008A7000-memory.dmp
    Filesize: 28KB
  • memory/2828-17-0x00000000008A0000-0x00000000008A7000-memory.dmp
    Filesize: 28KB
  • memory/3432-3-0x0000000000AD0000-0x0000000000AD7000-memory.dmp
    Filesize: 28KB
  • memory/3432-11-0x0000000000AD0000-0x0000000000AD7000-memory.dmp
    Filesize: 28KB
  • memory/3432-12-0x00007FFC2500D000-0x00007FFC2500E000-memory.dmp
    Filesize: 4KB
  • memory/3432-22-0x00007FFC251A0000-0x00007FFC251A1000-memory.dmp
    Filesize: 4KB