Overview

overview

7

Static

static

3

13e13732f6...cs.exe

windows7-x64

7

13e13732f6...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-05-2024 22:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    13e13732f695efdfd3572fca49ff7570_NeikiAnalytics.exe

  • Size

    218KB

  • MD5

    13e13732f695efdfd3572fca49ff7570

  • SHA1

    9e14f6c9e42bdc36b44b3e56a005c4c36356124b

  • SHA256

    b0c5fa918254780dddf0e0a1fe02e54cb38c7b84a05fefcdf9b00bcb84edfe33

  • SHA512

    2df86c36a0d8049520947e833bd5f450baf42eade8febe84b4158cf8cd483b25ffcf99a19333b735ef99db869d01269efeedfa1cf23fc99d00281a6f0e807215

  • SSDEEP

    6144:h0KGo4GsI4QupTbvAAbUCRSkoHyjm0dySTqo86NvX9aLisM+Nea:dhsI4nTbvXBSkogX9aLisvNea

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\13e13732f695efdfd3572fca49ff7570_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\13e13732f695efdfd3572fca49ff7570_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4648
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 400
      2⤵
      • Program crash
      PID:3052
    • C:\Users\Admin\AppData\Local\Temp\13e13732f695efdfd3572fca49ff7570_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\13e13732f695efdfd3572fca49ff7570_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3572
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 368
        3⤵
        • Program crash
        PID:1232
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4648 -ip 4648
    1⤵
      PID:2184
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3572 -ip 3572
      1⤵
        PID:1572

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\13e13732f695efdfd3572fca49ff7570_NeikiAnalytics.exe
        Filesize

        218KB

        MD5

        a276f24935a6d30e065acb49c6b3603d

        SHA1

        0bb1335368bb735647d54c5fec213d76291cf519

        SHA256

        9c6ed04a22679521edbca154b5a3eb440200abd3c65d923902ef11ad4ae2f289

        SHA512

        bf80c5b57506a908dd23203b969757b15c3372debaf82f2290339b9bada60c0bb3c3e5acb4c91880ad4f5521f79c54338417fb0a2ecb66eb2feb5aa04500249e

        Download Submit

      • memory/3572-6-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/3572-8-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/3572-13-0x00000000014C0000-0x0000000001502000-memory.dmp

        Filesize

        264KB

        Download

      • memory/4648-0-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/4648-7-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download