Overview

overview

7

Static

static

3

a12653b1f1...cs.exe

windows7-x64

7

a12653b1f1...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    129s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/06/2024, 11:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a12653b1f177983eb6203239a61cab00_NeikiAnalytics.exe

  • Size

    2.4MB

  • MD5

    a12653b1f177983eb6203239a61cab00

  • SHA1

    5ade895855397b3e271a5a7816e57fcb7ec94f43

  • SHA256

    ee8f9c871808e83a9cc3a7bfbff3b8ad11911b9a1a24217b2820adf350751d40

  • SHA512

    e5aa586cfd3381a050aa79e936df8f597c1531003dd115f3bd9e25ebd2006ded9c50cee9bceec9bc55ea004bf8dc4d7efa06cac873d1e18ae7203ba71fd7cd57

  • SSDEEP

    24576:+q4ZGnR6WIxJo+a/ZS7W+iniF+ujZXIMfX2av5SAODFDn:+q4Z0IVs+gMPiniXtXIMfX2wGBDn

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a12653b1f177983eb6203239a61cab00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a12653b1f177983eb6203239a61cab00_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 344
      2⤵
      • Program crash
      PID:1816
    • C:\Users\Admin\AppData\Local\Temp\a12653b1f177983eb6203239a61cab00_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\a12653b1f177983eb6203239a61cab00_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3524
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 348
        3⤵
        • Program crash
        PID:2592
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 360
        3⤵
        • Program crash
        PID:3184
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1192 -ip 1192
    1⤵
      PID:3092
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 3524 -ip 3524
      1⤵
        PID:3860
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3524 -ip 3524
        1⤵
          PID:772

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\a12653b1f177983eb6203239a61cab00_NeikiAnalytics.exe
          Filesize

          2.4MB

          MD5

          080e5e4a067ab4492f1f5c2381cc0c78

          SHA1

          ea5dd776ad2f9d7eb160206a789ac7caf62c26c4

          SHA256

          a914900960282bac989d47ce5c5e13df6d233959c207a23ad8657b7d3ec3a7c0

          SHA512

          653060692533e76cc258f0c08bb9ffa3aec64c51737d5565a63ef9db42cf3044c96c937ee5e1272a580b8efa41a59afb0a7b37b48018dd9a4ac0db5e79bacf18

          Download Submit

        • memory/1192-0-0x0000000000400000-0x00000000004F0000-memory.dmp

          Filesize

          960KB

          Download

        • memory/1192-6-0x0000000000400000-0x00000000004F0000-memory.dmp

          Filesize

          960KB

          Download

        • memory/3524-7-0x0000000000400000-0x00000000004F0000-memory.dmp

          Filesize

          960KB

          Download

        • memory/3524-8-0x0000000001570000-0x0000000001660000-memory.dmp

          Filesize

          960KB

          Download

        • memory/3524-9-0x0000000000400000-0x00000000004A3000-memory.dmp

          Filesize

          652KB

          Download