Overview

overview

7

Static

static

3

6b9d00eb0a...cs.exe

windows7-x64

7

6b9d00eb0a...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 01:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b9d00eb0ad60acd8ad7e573b3d555a0_NeikiAnalytics.exe

  • Size

    233KB

  • MD5

    6b9d00eb0ad60acd8ad7e573b3d555a0

  • SHA1

    f1de62b9f1fdfb3a2dc29dc769a305035bca223e

  • SHA256

    7b21bb6f57e3d4c7a95e460109742ca113e221413a42591a4bbebe92cb6c2246

  • SHA512

    a503302d4b4b08b77872aa4c5ac2a39e8f8740260a28b0c7074fbfc88d1cff9f902edc65acf59c597daf57cdfc63f22cd8d4a469259e553e0fae47cf45798147

  • SSDEEP

    6144:rkkM2hKmhALJPubRNqr3UgsfcQTeR6pTHa0x0p6RmMYdgAfAyxRPYdSNJC:Ag6LJPubRNqrkgsEQTeRgTHa0x0p6Rm4

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b9d00eb0ad60acd8ad7e573b3d555a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6b9d00eb0ad60acd8ad7e573b3d555a0_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4552
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 396
      2⤵
      • Program crash
      PID:4768
    • C:\Users\Admin\AppData\Local\Temp\6b9d00eb0ad60acd8ad7e573b3d555a0_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\6b9d00eb0ad60acd8ad7e573b3d555a0_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2312
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 368
        3⤵
        • Program crash
        PID:2020
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4552 -ip 4552
    1⤵
      PID:2904
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2312 -ip 2312
      1⤵
        PID:4780

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\6b9d00eb0ad60acd8ad7e573b3d555a0_NeikiAnalytics.exe
        Filesize

        233KB

        MD5

        1be85883eb9aaf537d90e4fc1b64b064

        SHA1

        b3dd86e3e62314f07f6071dac1b48cabeb8a83e9

        SHA256

        f42db16413ecf5e3150e471b33c23f58a641be1bbc777bd9d8fefb6488b75001

        SHA512

        9dd29b0a6fc8cf879d0000ebf75e6872bb29a042470baec6cadc821ae9ed57cb8e453dfce7a4b5f4c5fb4abc58624d9e94e3fee203d9db18c213a6cc1198e155

        Download Submit

      • memory/2312-7-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/2312-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2312-13-0x0000000004D40000-0x0000000004D7F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/4552-0-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/4552-6-0x0000000000400000-0x000000000043F000-memory.dmp

        Filesize

        252KB

        Download