0ef935d389d038b72112948b9cf06990579e5b894275451d2a65b9d4e2325140

General

Target

12226b157da60b9a14d1ff309d6a81d0_NeikiAnalytics.exe
Size

184KB
MD5

12226b157da60b9a14d1ff309d6a81d0
SHA1

4dec7c6c86fe1f65949101e758656c34e5468eb9
SHA256

0ef935d389d038b72112948b9cf06990579e5b894275451d2a65b9d4e2325140
SHA512

212775d896b44f26fcc66690fac77cbc807a835f151419f596f33abb59741f0646e06bfbfce9ea121bf50877732052e67884741d85de99cd63b07121fea3f76c
SSDEEP

3072:Z+RgXmochP1td7wtWhS8ZAbUcvnqnmiFO:Z+PoO77w78ObUcPqnmiF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
1556	Unicorn-4957.exe
432	Unicorn-49244.exe
1652	Unicorn-36006.exe
4432	Unicorn-62238.exe
1920	Unicorn-14189.exe
4532	Unicorn-1143.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2716	4864	WerFault.exe	82
4600	1556	WerFault.exe	91
3516	432	WerFault.exe	97
4492	1652	WerFault.exe	101
2288	4432	WerFault.exe	106
4424	1920	WerFault.exe	109

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4864	12226b157da60b9a14d1ff309d6a81d0_NeikiAnalytics.exe
1556	Unicorn-4957.exe
432	Unicorn-49244.exe
1652	Unicorn-36006.exe
4432	Unicorn-62238.exe
1920	Unicorn-14189.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 1556	4864	12226b157da60b9a14d1ff309d6a81d0_NeikiAnalytics.exe	91
PID 4864 wrote to memory of 1556	4864	12226b157da60b9a14d1ff309d6a81d0_NeikiAnalytics.exe	91
PID 4864 wrote to memory of 1556	4864	12226b157da60b9a14d1ff309d6a81d0_NeikiAnalytics.exe	91
PID 1556 wrote to memory of 432	1556	Unicorn-4957.exe	97
PID 1556 wrote to memory of 432	1556	Unicorn-4957.exe	97
PID 1556 wrote to memory of 432	1556	Unicorn-4957.exe	97
PID 432 wrote to memory of 1652	432	Unicorn-49244.exe	101
PID 432 wrote to memory of 1652	432	Unicorn-49244.exe	101
PID 432 wrote to memory of 1652	432	Unicorn-49244.exe	101
PID 1652 wrote to memory of 4432	1652	Unicorn-36006.exe	106
PID 1652 wrote to memory of 4432	1652	Unicorn-36006.exe	106
PID 1652 wrote to memory of 4432	1652	Unicorn-36006.exe	106
PID 4432 wrote to memory of 1920	4432	Unicorn-62238.exe	109
PID 4432 wrote to memory of 1920	4432	Unicorn-62238.exe	109
PID 4432 wrote to memory of 1920	4432	Unicorn-62238.exe	109
PID 1920 wrote to memory of 4532	1920	Unicorn-14189.exe	112
PID 1920 wrote to memory of 4532	1920	Unicorn-14189.exe	112
PID 1920 wrote to memory of 4532	1920	Unicorn-14189.exe	112

C:\Users\Admin\AppData\Local\Temp\12226b157da60b9a14d1ff309d6a81d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\12226b157da60b9a14d1ff309d6a81d0_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4957.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4957.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49244.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
        7⤵
        Executes dropped EXE
        
        PID:4532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 724
        7⤵
        Program crash
        
        PID:4424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 752
        6⤵
        Program crash
        
        PID:2288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 744
        5⤵
        Program crash
        
        PID:4492
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 744
      4⤵
      Program crash
      PID:3516
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 724
    3⤵
    - Program crash
    PID:4600
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 744
  2⤵
  - Program crash
  PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4864 -ip 4864
1⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1556 -ip 1556
1⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 432 -ip 432
1⤵
PID:428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1652 -ip 1652
1⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 4432 -ip 4432
1⤵
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1920 -ip 1920
1⤵
PID:680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe

Filesize
184KB

MD5
edf55bd171bda1b9adda5e1d0b427ac3

SHA1
36deb68d036087f47cbc75fb128a2aa7f420ab4f

SHA256
34ac813dbb56444eabffb8ba2c36ac3481da523ba5f473acad9d237b8bfde03c

SHA512
c894d6689dd600d9b2279d90435d77ccdb86ebea63bc176683be25e1af5b15ed9f165e55970b4809a2945724852ba5135720480f5650af69f54cdfbecb703eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe

Filesize
184KB

MD5
f42bab33a5ee20e1bdf1d05246d531bf

SHA1
abd7e1fa0f3b4adde9fa0a59dd9a9fe631144c53

SHA256
e613f182ca5d3f5ce05f4b01331fea2feac61c9847b37e6bf6c5d09f9051e6f2

SHA512
e1aae13453c8b17bbb816963e25953de97c1d1d6d314c6526241649f4f613218d4d0ec452cc21b9f5c5dfef26fd18f15144e936580902f413b87f57dc87d7b7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe

Filesize
184KB

MD5
4f75ead5d9c5bb9c887b2e57dbbb368f

SHA1
b3806868adc0e67f8025af4c44852fd02c8c0299

SHA256
3c430ae4adf91ac1cef903145679bfedb45ca153bb7a500ad86ff92d210dcb7e

SHA512
d1acd289ea3c952e991cbcf65ec245854037a931a836cd7d85dc27fe5811ba2c5d7715099dd0d6070fb87fd7d5f0ad64ae804e3e84920ffe79f6597a0d2e19d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49244.exe

Filesize
184KB

MD5
653fbd6121e0e3d8986fe4fb05d87c23

SHA1
aae9feb540d101a893621e470de6316263f979b0

SHA256
633c40c7ed3b2e4530b02d145d907d8e7244c0d2a782e95e75638fa1addf17c7

SHA512
724a1a82511bf29725ef1795c77a400cbb9c9b2b60719b8b2b1f69418d218ec4e2c43e9e27905326a3ecc4a92b1e7a835031617ed21a48f1f00e2cb038bd930a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4957.exe

Filesize
184KB

MD5
ba82dfaccaad56978a5ad8348492e95c

SHA1
ea6e04a884b294d430fb4c11445f93eb4d2c7506

SHA256
9a69b64edddfa67968192eea71a02cdad3566626adaabeddfd54e17c10a8723a

SHA512
ecd5793fe07535fbfcb8dee0cb5a0d1ad01d1b2e4a1815a4e0a6f5212b7296db9e5f4e69eca56148b5b5d477afad7c541af36d986074c9b1a42dcd6b45f5083e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe

Filesize
184KB

MD5
ebec8be1c41cc330e68799b41034fb6b

SHA1
faeff1aeceb7ba31768f91561f1ea25e2f25158f

SHA256
6bcf8395d5c5486f94953aa0e302491b766e2d7387203d10b79785829770ea9d

SHA512
ce39b4c8d713401dde19d09655458119be50321d42d8bf5a3b31a75d9b2566c2e2528b942ada2e0a158a2b859c3329fccd730be72895829c9228124870a57d38

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads