Overview

overview

7

Static

static

3

354aa04efb...cs.exe

windows7-x64

7

354aa04efb...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 20:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    354aa04efb23999cc1c9a4e205d2b510_NeikiAnalytics.exe

  • Size

    325KB

  • MD5

    354aa04efb23999cc1c9a4e205d2b510

  • SHA1

    d7aad7ac6419eb092f2428959db853918468f196

  • SHA256

    f9f16b5ed5d655b7d9e5178373614481be4f4a0dda05a95463c7fee7431fcb2a

  • SHA512

    e271d56083c52ac3657851d91fe31c3f5465a620200b63acec72601c072b58c462d425afeab23208e2118e5b9cc53d0e0694e1e4fbda278fea5ef142ba4f45b4

  • SSDEEP

    6144:wFDg883VmzY2EIHJTJYbh9QS1jBg46HPn6S1jBlCVZp6H:Uglmk2E6uh9/1Odt1beZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\354aa04efb23999cc1c9a4e205d2b510_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\354aa04efb23999cc1c9a4e205d2b510_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4952
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 384
      2⤵
      • Program crash
      PID:2632
    • C:\Users\Admin\AppData\Local\Temp\354aa04efb23999cc1c9a4e205d2b510_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\354aa04efb23999cc1c9a4e205d2b510_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2320
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 360
        3⤵
        • Program crash
        PID:5048
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 180
        3⤵
        • Program crash
        PID:716
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4952 -ip 4952
    1⤵
      PID:2756
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2320 -ip 2320
      1⤵
        PID:852
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2320 -ip 2320
        1⤵
          PID:4040

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\354aa04efb23999cc1c9a4e205d2b510_NeikiAnalytics.exe
          Filesize

          325KB

          MD5

          ef63497d8016b2609ced044a5d5f69e7

          SHA1

          dfa4b3bfde6e902d466ffba76811b8ae866b1a34

          SHA256

          fb2712ce47e6fdaabfa1b7fd36494138837749e30fa9beb604038295648cb3ad

          SHA512

          98d0acd7a2fc2ca311171f3ac7b5d15327d953d87f9f6684270946f301d25bf716de85caeb18ea279b2789e18e89bab13404adf98fc203ba823fe0442105a3cd

          Download Submit

        • memory/2320-8-0x0000000000400000-0x000000000045C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/2320-10-0x0000000000400000-0x000000000045C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/4952-0-0x0000000000400000-0x000000000045C000-memory.dmp

          Filesize

          368KB

          Download

        • memory/4952-7-0x0000000000400000-0x000000000045C000-memory.dmp

          Filesize

          368KB

          Download