Overview

overview

7

Static

static

3

5ddbe3e4e4...cs.exe

windows7-x64

7

5ddbe3e4e4...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 00:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe

  • Size

    192KB

  • MD5

    5ddbe3e4e4fcc8163a8147daba347190

  • SHA1

    3d4f5abbbbfb5504c77583a53ccc330c87614701

  • SHA256

    7edd94b53216fd0d45d02404437bd7b004f85378d1a8669ce03e5828a483aca2

  • SHA512

    2b5c892b77de8e4e95e503ed4e6cafd50912e6e8b26d61bb5e373b16886aacda538a1867eaa3e9edf4f956e46a617fab9202e14df6504d9431555d9a7ca91196

  • SSDEEP

    3072:D3jY5KTnhnQDlZ2iPTzf+pmGVjymkJ6xqv1/Zi0Jj9mQVONt7Vuh67:D3k5KThnQXx7r+pmGdNM6xqv/i8L4N2S

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4700
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 396
      2⤵
      • Program crash
      PID:2484
    • C:\Users\Admin\AppData\Local\Temp\5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3604
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 364
        3⤵
        • Program crash
        PID:3128
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4700 -ip 4700
    1⤵
      PID:1684
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 3604 -ip 3604
      1⤵
        PID:1328

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\5ddbe3e4e4fcc8163a8147daba347190_NeikiAnalytics.exe
        Filesize

        192KB

        MD5

        94183aded086d8e60efd724174a6a1f7

        SHA1

        9ff06a5649370694f0714a6b1f9448fefa579b1a

        SHA256

        325ea8b3051e9b217734c3ed114ffafad8d11d65cf1b58aa8bab786a441c2a4f

        SHA512

        6062cb3e1c9d0e8960092540a8bc4f55f7854ecaad8c19395658f4f929cf673e8e640013120c33cea33341766f7ffa82e8e297d172e081c8e46df5f12c2498b1

        Download Submit

      • memory/3604-8-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

        Download

      • memory/3604-9-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/3604-14-0x0000000001490000-0x00000000014C7000-memory.dmp

        Filesize

        220KB

        Download

      • memory/4700-0-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

        Download

      • memory/4700-7-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

        Download