Analysis

  • max time kernel
    140s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02/06/2024, 04:46

General

  • Target

    39471cfa2cd128036698a8a052376620_NeikiAnalytics.exe

  • Size

    255KB

  • MD5

    39471cfa2cd128036698a8a052376620

  • SHA1

    4ccfb14d1991a4bd06612302bc2cfbba4404af13

  • SHA256

    570ccd188f94a1dfe89586e8098b6256e1138b413a3e2c40ee138575c6438d82

  • SHA512

    76ac685fa2acdb9ad23b454926fdfccd0cde35875b7f2280417addebfa98f9a454d64326b0844c79f5bd5f4309e9bb7045ff58738a21899693d531d59dd1989b

  • SSDEEP

    6144:R4qr1wY3IFAg8c54HzIHZhJF27zgVhEQaO/JLtxe/6GfAczg2870V:Hr1l3I78cXZhW8V2QLLqP4kg287o

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39471cfa2cd128036698a8a052376620_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\39471cfa2cd128036698a8a052376620_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:5016
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 376
      2⤵
      • Program crash
      PID:3220
    • C:\Users\Admin\AppData\Local\Temp\39471cfa2cd128036698a8a052376620_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\39471cfa2cd128036698a8a052376620_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:744
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 352
        3⤵
        • Program crash
        PID:4608
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5016 -ip 5016
    1⤵
      PID:2416
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 744 -ip 744
      1⤵
        PID:760
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5132 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:4708

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\39471cfa2cd128036698a8a052376620_NeikiAnalytics.exe

    Filesize

    255KB

    MD5

    acbe1550354079f9a611f64ff8d28901

    SHA1

    fc88787b13299a8ef011ad548f4435653ed28d00

    SHA256

    d00ffbed193a2497616111c88354df4b76dc71adcca7c416063a2438a613d8fb

    SHA512

    88dd400cbb5077f5c8a3fd008a6e8b736a194ab045c4fed33c207c90eb95f4bc2c998f7b2a9a7f33c36fd0475945eb2ae0341da6737a16b7a6339dba06cff5fa

  • memory/744-7-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

  • memory/744-8-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/744-13-0x00000000014B0000-0x00000000014F3000-memory.dmp

    Filesize

    268KB

  • memory/5016-0-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

  • memory/5016-6-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB
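The process tree and the Downloads list above carry three observations worth pulling out of the report programmatically: every WerFault.exe instance names, via its `-p` argument, which of the two sample PIDs it reported on (both 5016 and its child 744 crashed); the file written back to the sample's own path has a different SHA256 (d00ffbed...) than the submitted file (570ccd18...), and it is that rewritten file which PID 744 executed (the Deletes itself / RenamesItself / Executes dropped EXE combination); and the 0x400000 region of PID 744 was dumped at two different sizes (268KB and 104KB), which is what the UnmapMainImage signature would leave behind. The script below is an added triage helper, not part of the sandbox report or of any tool it was produced by. The process records, hashes and dump names are transcribed from the report; the parent links are an assumption taken from the tree nesting shown (the depth-1 `-pss` WerFault instances and msedge.exe have no listed parent), and the function names and output format are mine.

```python
"""Triage helper (added example) that re-derives the report's key findings
from its own process list, file hashes and memory-dump names."""
import re
from collections import defaultdict

# --- records transcribed from the report (constructed inline so this runs offline) ---

# (pid, parent pid, command line). Parent links are assumed from the tree nesting
# in the report; the depth-1 "-pss" WerFault instances are listed without a parent.
PROCESSES = [
    (5016, None, r'"C:\Users\Admin\AppData\Local\Temp\39471cfa2cd128036698a8a052376620_NeikiAnalytics.exe"'),
    (3220, 5016, r'C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 376'),
    (744, 5016, r'C:\Users\Admin\AppData\Local\Temp\39471cfa2cd128036698a8a052376620_NeikiAnalytics.exe'),
    (4608, 744, r'C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 352'),
    (2416, None, r'C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5016 -ip 5016'),
    (760, None, r'C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 744 -ip 744'),
]

# SHA256 of the submitted file (General section) and of the file found at the
# same path after execution (Downloads section).
SUBMITTED_SHA256 = "570ccd188f94a1dfe89586e8098b6256e1138b413a3e2c40ee138575c6438d82"
DROPPED_FILES = {
    r"C:\Users\Admin\AppData\Local\Temp\39471cfa2cd128036698a8a052376620_NeikiAnalytics.exe":
        "d00ffbed193a2497616111c88354df4b76dc71adcca7c416063a2438a613d8fb",
}

# Memory dump names from the Downloads section.
MEMORY_DUMPS = [
    "memory/744-7-0x0000000000400000-0x0000000000443000-memory.dmp",
    "memory/744-8-0x0000000000400000-0x000000000041A000-memory.dmp",
    "memory/744-13-0x00000000014B0000-0x00000000014F3000-memory.dmp",
    "memory/5016-0-0x0000000000400000-0x0000000000443000-memory.dmp",
    "memory/5016-6-0x0000000000400000-0x0000000000443000-memory.dmp",
]


def image_path(cmdline):
    """Return the executable path from a Windows command line, quoted or not."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


# "-p 5016" but not the "-pss" switch or the "-ip 5016" argument.
WERFAULT_PID = re.compile(r"(?<!\S)-p\s+(\d+)")


def crash_reports(processes=PROCESSES):
    """Map each crashed PID to the WerFault PIDs that reported on it."""
    reports = defaultdict(list)
    for pid, _parent, cmd in processes:
        if image_path(cmd).lower().endswith(r"\werfault.exe"):
            m = WERFAULT_PID.search(cmd)
            if m:
                reports[int(m.group(1))].append(pid)
    return dict(reports)


def self_replacement(processes=PROCESSES, submitted_sha256=SUBMITTED_SHA256, dropped=DROPPED_FILES):
    """Flag a child that runs from its parent's own image path after that path
    was rewritten with a hash different from the submitted file."""
    by_pid = {pid: (parent, cmd) for pid, parent, cmd in processes}
    findings = []
    for pid, parent, cmd in processes:
        if parent not in by_pid:
            continue
        path = image_path(cmd)
        if path != image_path(by_pid[parent][1]):
            continue
        new_hash = dropped.get(path)
        if new_hash and new_hash.lower() != submitted_sha256.lower():
            findings.append({"pid": pid, "parent": parent, "path": path, "sha256": new_hash})
    return findings


DUMP_NAME = re.compile(r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def remapped_regions(dumps=MEMORY_DUMPS):
    """Return (pid, base) pairs whose region was dumped at more than one size,
    i.e. the mapping at that base changed between snapshots."""
    sizes = defaultdict(set)
    for name in dumps:
        m = DUMP_NAME.match(name)
        if m:
            pid, base, end = int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)
            sizes[(pid, base)].add(end - base)
    return sorted((pid, hex(base)) for (pid, base), s in sizes.items() if len(s) > 1)


if __name__ == "__main__":
    print("crashed PID -> WerFault PIDs:", crash_reports())
    print("self-replacement:", self_replacement())
    print("regions dumped at more than one size:", remapped_regions())
```

Run it as a script for a summary, or import it and feed `crash_reports`, `self_replacement` and `remapped_regions` records from another report in the same shape. The self-replacement check deliberately requires both conditions (same image path as the parent, and a hash that differs from the submitted file) so that an ordinary re-launch of an unmodified binary is not flagged.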