Overview

overview

7

Static

static

3

4f8286172f...cs.exe

windows7-x64

7

4f8286172f...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 22:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe

  • Size

    320KB

  • MD5

    4f8286172fb9344af6a732bdfae3b6f0

  • SHA1

    56d0d408443aa12b183086a9b263d9b37195cb95

  • SHA256

    84950f4916828dd90af86ce54cf4319777bbad24ed10fc60f24cef544a584e4a

  • SHA512

    87bd791f561a9a00c259301a9708d47af1c879cbcf2847599bf5bd4979805cd93bd63caf47a78e9492fbd0abee9fc78555e526d715cc4446f79f694970bd53cd

  • SSDEEP

    6144:a2vfy7/6n4/pSgCi7nK6UkB53BDu0W7cyqCxSngmMBqfycuPbUl0i5j:aYyAYSgp7X53p80npM4dl0s

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 5 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4888
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 356
      2⤵
      • Program crash
      PID:4676
    • C:\Users\Admin\AppData\Local\Temp\4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4484
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 352
        3⤵
        • Program crash
        PID:1464
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 768
        3⤵
        • Program crash
        PID:2740
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 808
        3⤵
        • Program crash
        PID:4912
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 816
        3⤵
        • Program crash
        PID:1392
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4888 -ip 4888
    1⤵
      PID:4324
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4484 -ip 4484
      1⤵
        PID:1048
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4484 -ip 4484
        1⤵
          PID:1184
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4484 -ip 4484
          1⤵
            PID:3952
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2432 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
            1⤵
              PID:4600
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4484 -ip 4484
              1⤵
                PID:1152

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\4f8286172fb9344af6a732bdfae3b6f0_NeikiAnalytics.exe
                Filesize

                320KB

                MD5

                e460af89f60781073a39840bb66fed1c

                SHA1

                bcc9c6a6664ae5f41244bc1525504cf7f93c0365

                SHA256

                c76623b49f3ee111b22060795bf17253d3f66ba73bdfd345e71bf6be29bf0240

                SHA512

                2c345dcf97f7f5898a0452f69eebcd10ebfa20e4565e8e0b4c64266cc72e4812936271289c28e27b48421f827c44137211ba3963fcfe9b5cb36df038c5199148

                Download Submit
              • memory/4484-7-0x0000000000400000-0x000000000043C000-memory.dmp
                Filesize

                240KB

                Download
              • memory/4484-8-0x00000000014A0000-0x00000000014DC000-memory.dmp
                Filesize

                240KB

                Download
              • memory/4484-9-0x0000000000400000-0x0000000000415000-memory.dmp
                Filesize

                84KB

                Download
              • memory/4888-0-0x0000000000400000-0x000000000043C000-memory.dmp
                Filesize

                240KB

                Download
              • memory/4888-6-0x0000000000400000-0x000000000043C000-memory.dmp
                Filesize

                240KB

                Download