Overview

overview

7

Static

static

3

500b1012b2...cs.exe

windows7-x64

7

500b1012b2...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    154s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 22:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    500b1012b2129355463285ac7e7840c0_NeikiAnalytics.exe

  • Size

    320KB

  • MD5

    500b1012b2129355463285ac7e7840c0

  • SHA1

    19ec2af87c7e71f73f23cfb3374512dc3587c479

  • SHA256

    78378453292369749970abfcc0d53213c2fe943314f769fed4ef0e9314ef11d1

  • SHA512

    db513a6deb6c747cd4d53c33faa3c2ea4dce37b9b88baae5b87b9f36fc6427ed0747e5c06cff9f73b7f5b094a9079d17769e11ad8e6436a0ce61baec823b70ea

  • SSDEEP

    6144:fqjkWx4UFyaE8UVbdaYKQU4Sv7sKG7NIDEqZK0W7cyqCxSngmMBqfycuPbUl0i5w:wH4UEaE8UpdaYvU4E7wwEqZQ0npM4dlY

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 4 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\500b1012b2129355463285ac7e7840c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\500b1012b2129355463285ac7e7840c0_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4888
    • C:\Users\Admin\AppData\Local\Temp\500b1012b2129355463285ac7e7840c0_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\500b1012b2129355463285ac7e7840c0_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4328
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 368
        3⤵
        • Program crash
        PID:4868
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 768
        3⤵
        • Program crash
        PID:220
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 788
        3⤵
        • Program crash
        PID:1748
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 808
        3⤵
        • Program crash
        PID:3692
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4888 -ip 4888
    1⤵
      PID:2128
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4328 -ip 4328
      1⤵
        PID:1188
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4060 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:3608
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4328 -ip 4328
          1⤵
            PID:748
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4328 -ip 4328
            1⤵
              PID:2780
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4328 -ip 4328
              1⤵
                PID:3528

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\500b1012b2129355463285ac7e7840c0_NeikiAnalytics.exe
                Filesize

                320KB

                MD5

                8113afbfa1d90fbb5d1ae76c5830f8b0

                SHA1

                513d510cb9a1b9cd9d8985db2d98f282fd39496b

                SHA256

                f2139dccf57317aa66ce729741d540b7fafe5f1e57ca059ae7d997133ef47f26

                SHA512

                40fb137b841b6165592de31c304c2de42efa6ac6ce8436d8d5880de221e9883460ceaac097f7f67027aeb26946c3ae15a4238e6657b4f0250905f617a07a8fcb

                Download Submit
              • memory/4328-10-0x0000000000400000-0x0000000000438000-memory.dmp
                Filesize

                224KB

                Download
              • memory/4328-11-0x0000000000400000-0x0000000000438000-memory.dmp
                Filesize

                224KB

                Download
              • memory/4328-14-0x00000000014A0000-0x00000000014D8000-memory.dmp
                Filesize

                224KB

                Download
              • memory/4328-15-0x0000000000400000-0x0000000000415000-memory.dmp
                Filesize

                84KB

                Download
              • memory/4888-0-0x0000000000400000-0x0000000000438000-memory.dmp
                Filesize

                224KB

                Download
              • memory/4888-1-0x0000000000400000-0x0000000000438000-memory.dmp
                Filesize

                224KB

                Download
              • memory/4888-2-0x0000000000400000-0x0000000000438000-memory.dmp
                Filesize

                224KB

                Download
              • memory/4888-6-0x0000000000400000-0x0000000000438000-memory.dmp
                Filesize

                224KB

                Download