da012a5563dd239bc5b8547917a0bbf268ac5d70c9fe950284586fa86ff28542

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe
Size

184KB
MD5

6609b48e40b938cc61a5b451efc4eec0
SHA1

880180e181e168825490aaa315ed1e70e5f631b5
SHA256

da012a5563dd239bc5b8547917a0bbf268ac5d70c9fe950284586fa86ff28542
SHA512

8387a9b63ebeabc31f0a8d0b352783926a424c7eebce9ed43e21022dc5ff6822934617516c893d9a9d146bc6ad1233f3ed29ab9c95927bf58bd9d9d0ed12e10c
SSDEEP

3072:ByqypxoThHOtdttWe4iLRcs6hlzViF7n3:Byvos7ttFLCs6hlzViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1048	Unicorn-656.exe
2708	Unicorn-63570.exe
2536	Unicorn-28288.exe
3036	Unicorn-1064.exe

Loads dropped DLL 35 IoCs

pid	Process
2480	6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe
2480	6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe
1048	Unicorn-656.exe
1048	Unicorn-656.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2708	Unicorn-63570.exe
2708	Unicorn-63570.exe
2624	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2624	WerFault.exe
2536	Unicorn-28288.exe
2536	Unicorn-28288.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2252	2480	WerFault.exe	27
2920	1048	WerFault.exe	28
2624	2708	WerFault.exe	30
2528	2536	WerFault.exe	32

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2480	6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe
1048	Unicorn-656.exe
2708	Unicorn-63570.exe
2536	Unicorn-28288.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 1048	2480	6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe	28
PID 2480 wrote to memory of 1048	2480	6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe	28
PID 2480 wrote to memory of 1048	2480	6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe	28
PID 2480 wrote to memory of 1048	2480	6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe	28
PID 2480 wrote to memory of 2252	2480	6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe	29
PID 2480 wrote to memory of 2252	2480	6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe	29
PID 2480 wrote to memory of 2252	2480	6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe	29
PID 2480 wrote to memory of 2252	2480	6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe	29
PID 1048 wrote to memory of 2708	1048	Unicorn-656.exe	30
PID 1048 wrote to memory of 2708	1048	Unicorn-656.exe	30
PID 1048 wrote to memory of 2708	1048	Unicorn-656.exe	30
PID 1048 wrote to memory of 2708	1048	Unicorn-656.exe	30
PID 1048 wrote to memory of 2920	1048	Unicorn-656.exe	31
PID 1048 wrote to memory of 2920	1048	Unicorn-656.exe	31
PID 1048 wrote to memory of 2920	1048	Unicorn-656.exe	31
PID 1048 wrote to memory of 2920	1048	Unicorn-656.exe	31
PID 2708 wrote to memory of 2536	2708	Unicorn-63570.exe	32
PID 2708 wrote to memory of 2536	2708	Unicorn-63570.exe	32
PID 2708 wrote to memory of 2536	2708	Unicorn-63570.exe	32
PID 2708 wrote to memory of 2536	2708	Unicorn-63570.exe	32
PID 2708 wrote to memory of 2624	2708	Unicorn-63570.exe	33
PID 2708 wrote to memory of 2624	2708	Unicorn-63570.exe	33
PID 2708 wrote to memory of 2624	2708	Unicorn-63570.exe	33
PID 2708 wrote to memory of 2624	2708	Unicorn-63570.exe	33
PID 2536 wrote to memory of 3036	2536	Unicorn-28288.exe	34
PID 2536 wrote to memory of 3036	2536	Unicorn-28288.exe	34
PID 2536 wrote to memory of 3036	2536	Unicorn-28288.exe	34
PID 2536 wrote to memory of 3036	2536	Unicorn-28288.exe	34
PID 2536 wrote to memory of 2528	2536	Unicorn-28288.exe	35
PID 2536 wrote to memory of 2528	2536	Unicorn-28288.exe	35
PID 2536 wrote to memory of 2528	2536	Unicorn-28288.exe	35
PID 2536 wrote to memory of 2528	2536	Unicorn-28288.exe	35

C:\Users\Admin\AppData\Local\Temp\6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6609b48e40b938cc61a5b451efc4eec0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        5⤵
        Executes dropped EXE
        
        PID:3036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2528
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2624
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
  2⤵
  - Program crash
  PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe

Filesize
184KB

MD5
6ff70650bfc6817a0bf55d60c95cdedc

SHA1
6930a0a68995108cc5fe8a1834dd1612f7366990

SHA256
a3c1f79ed7ec5a931622a14904f50b59117386e7fa944eec738022337b1db62c

SHA512
8169e457e8a12c4a6fcb9acf8ad5cc5d3efd3f17dde8f2263beaa839c275cb58c6a8e994948d1f25856c1d873141de23238aa2dac8656c1bdb36bdaff066104e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe

Filesize
184KB

MD5
ab18c550a366c6929f5e476ab98405aa

SHA1
9c74a1c0d1aa1ef5b31fbb3a87c3487195f2edd6

SHA256
02b433c4ef6998a8a601cfcbfdabc32642eeb4a50645987165a4ea5801714602

SHA512
f87dd9c3fab7354a4e672c56a52be6d84b26eee94a06d30ebe2985fae963c53cb6de5414a41cfb356f05e9fe85fa73d8a4900ebb4eb1fc9733f39b183ffe0ba3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe

Filesize
184KB

MD5
331a723aaff6af6ce80236cb0ec3fdeb

SHA1
3becee1340c592a767517367b67b39c2dc22094e

SHA256
1429dc9c4479741cf9903b99fd66e711add09b435c46233d194ae0a04901354c

SHA512
bf80239c083498ddd2689ec88029c710e26946f15facc5b74bfed768ff4a8212c7eca0976a4ea9539afbad9a59f6ddaef55c1c03d35e86ba512845cb9ab4e4f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-656.exe

Filesize
184KB

MD5
1b23dcffc59490c26591a4857a507256

SHA1
f87b6ff44668ea82963d238602aedab02970d264

SHA256
6cdb85f3fb2554ce22d58b00aeb27b5f53d261b8ff98c6ab6d76cb6958342e8d

SHA512
f34a681ab8dd307b658cfef439e61a8905e8d07a69d7688ad56f407c289ab5f2d8f3cf1f7e6c82d2336ad91b6355a1d81620f5e96baf93094ce513e8deaee9d9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads