1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe
Size

175KB
MD5

717e97851b24d6bb6a0ec9e51839aaa0
SHA1

b558d682772bd4723caadc6e5ff96879f80fceda
SHA256

1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996
SHA512

39d2b919beffb11e5fdbc42622b769784ace01b731f8a95d21645f01eafcffe11557ce3b7582b00a3273e876b62adeb6026ae184d45143e5963e142b351aae1f
SSDEEP

3072:JY4p58qT0zcMOUa3BN0gtqE6IOuTs0fhjXGVo1ClEsznC+rHj5:JD6qTzNUaRNLtqE6IOuw0fRXGe0lEqCg

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4728	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
4728	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
1812	4888	WerFault.exe	81
3592	4728	WerFault.exe	88
2176	4728	WerFault.exe	88
2896	4728	WerFault.exe	88
1652	4728	WerFault.exe	88
1768	4728	WerFault.exe	88
744	4728	WerFault.exe	88

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4888	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
4728	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 4728	4888	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe	88
PID 4888 wrote to memory of 4728	4888	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe	88
PID 4888 wrote to memory of 4728	4888	1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe	88

C:\Users\Admin\AppData\Local\Temp\1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 384
  2⤵
  - Program crash
  PID:1812
- C:\Users\Admin\AppData\Local\Temp\1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:4728
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 356
    3⤵
    - Program crash
    PID:3592
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 768
    3⤵
    - Program crash
    PID:2176
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 544
    3⤵
    - Program crash
    PID:2896
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 804
    3⤵
    - Program crash
    PID:1652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 776
    3⤵
    - Program crash
    PID:1768
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 788
    3⤵
    - Program crash
    PID:744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4888 -ip 4888
1⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4728 -ip 4728
1⤵
PID:1880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4728 -ip 4728
1⤵
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4728 -ip 4728
1⤵
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4728 -ip 4728
1⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4728 -ip 4728
1⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4728 -ip 4728
1⤵
PID:4112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1d8511fa3127ecad14b5f564e9c28d505c5c9e766884755d9e9d96a1776dd996_NeikiAnalytics.exe

Filesize
175KB

MD5
280ed2cb4960eb6e367083a3b8f7e729

SHA1
1f90609fb8934d3028eb65836f715f093404ac38

SHA256
db1b9cf6c8a53f4956bf2477ab5fe428f27e3355a2bcd7b5cfa995c77fadf8f6

SHA512
3ec61b91f1429e5a1da031f7a42aa8bf79204862bd2dfa94725241866edd84d7d35bd88d048856b29f910c85cd86328804c387f978c4b13c5d856a9a63045c79

Download Submit
memory/4728-8-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4728-9-0x0000000004D90000-0x0000000004DC3000-memory.dmp

Filesize
204KB

Download
memory/4728-10-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4888-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4888-7-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download