Overview

overview

7

Static

static

3

88945e6ce7...cs.exe

windows7-x64

7

88945e6ce7...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/06/2024, 03:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88945e6ce795d83ca10263b358f05200_NeikiAnalytics.exe

  • Size

    203KB

  • MD5

    88945e6ce795d83ca10263b358f05200

  • SHA1

    b4274b9876df70ece20d430a6d3a6f98b19bb646

  • SHA256

    0c176f08fe2324bfdc3a197ea885cac4d894965e1efc6e9c69acb9c3bb7d474b

  • SHA512

    c988aef778f8381ae768480f44742e1e035e8c4809ae55cfe45826564635b18b66e55f35cc0173b85257316a25ecc9db09592123af397a66de9128e7dfa3a242

  • SSDEEP

    3072:a2UVGcEwDz5xWfllnMXdUVnhbi6cyUBqpCdfpomY99dUdp2FkG+6Rs7UcELgUUnF:daz+lPnVUBVgKPELgUqwKoPsZ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 5 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\88945e6ce795d83ca10263b358f05200_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\88945e6ce795d83ca10263b358f05200_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 356
      2⤵
      • Program crash
      PID:4340
    • C:\Users\Admin\AppData\Local\Temp\88945e6ce795d83ca10263b358f05200_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\88945e6ce795d83ca10263b358f05200_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2768
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 352
        3⤵
        • Program crash
        PID:2728
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 768
        3⤵
        • Program crash
        PID:2800
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 788
        3⤵
        • Program crash
        PID:1316
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 796
        3⤵
        • Program crash
        PID:2760
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1504 -ip 1504
    1⤵
      PID:768
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2768 -ip 2768
      1⤵
        PID:1964
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2768 -ip 2768
        1⤵
          PID:1564
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2768 -ip 2768
          1⤵
            PID:3356
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1344 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
            1⤵
              PID:564
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2768 -ip 2768
              1⤵
                PID:3084

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\88945e6ce795d83ca10263b358f05200_NeikiAnalytics.exe
                Filesize

                203KB

                MD5

                2bef75cb85d2e8d6007fc65b4eee51f7

                SHA1

                d8b306ed9fb7053652a169b0cf3387f7ab9a4130

                SHA256

                c627b462634255e465597f9d94f5095d44f6a96299147e841746a10c23dea11a

                SHA512

                32f916ae3950296dc3376627421c8d08bef4a11c5e41cbafb3d5d1e33a2b17cdb90ab50839753e1ab65959b1fb4e8bc0fd69725769ea9a13c8b93743f9329ce3

                Download Submit

              • memory/1504-0-0x0000000000400000-0x000000000043E000-memory.dmp

                Filesize

                248KB

                Download

              • memory/1504-6-0x0000000000400000-0x000000000043E000-memory.dmp

                Filesize

                248KB

                Download

              • memory/2768-7-0x0000000000400000-0x000000000043E000-memory.dmp

                Filesize

                248KB

                Download

              • memory/2768-8-0x0000000001510000-0x000000000154E000-memory.dmp

                Filesize

                248KB

                Download

              • memory/2768-9-0x0000000000400000-0x0000000000415000-memory.dmp

                Filesize

                84KB

                Download