Analysis
- max time kernel: 51s
- max time network: 52s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
- submitted: 12/06/2024, 22:57
Static task: static1
Behavioral task: behavioral1
- Sample: 4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe
- Size: 320KB
- MD5: 4aeaf13dc0ee3472b46115e8d077ae80
- SHA1: 9fcdfa8f9af01a248695e212b735e23d5b87aef5
- SHA256: 03d023f7625e51bbb4c392d41291bf4561db776507b77af00d30892c35bc76d8
- SHA512: f3328b28138a318b58c949bbf51d9683ec43a53bf7601533ae93143b2f777eb62a5bae73e88a349563d7de14e58131e517bab8974fe92a04c3125bc65eb520c2
- SSDEEP: 6144:zjMrqwTyBYETNOKeLNI1Rt2sPC9KkX9aLisM+NeOV40saiigCX:nyqwmmgVo4GLdX9aLisvNeOVQ5zCX
Malware Config
Signatures
- Deletes itself: 1 IoCs
  pid: 2328, Process: 4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe
- Executes dropped EXE: 1 IoCs
  pid: 2328, Process: 4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe
- Program crash: 2 IoCs
  pid: 4460, pid_target: 372, Process: WerFault.exe, procid_target: 80
  pid: 3432, pid_target: 2328, Process: WerFault.exe, procid_target: 88
- Suspicious behavior: RenamesItself: 1 IoCs
  pid: 372, Process: 4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe
- Suspicious use of UnmapMainImage: 1 IoCs
  pid: 2328, Process: 4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe
- Suspicious use of WriteProcessMemory: 3 IoCs
  description: PID 372 wrote to memory of 2328, pid: 372, Process: 4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe, procid_target: 88
  description: PID 372 wrote to memory of 2328, pid: 372, Process: 4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe, procid_target: 88
  description: PID 372 wrote to memory of 2328, pid: 372, Process: 4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe, procid_target: 88
Processes
- C:\Users\Admin\AppData\Local\Temp\4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe (PID:372, depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe"
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory

  - C:\Windows\SysWOW64\WerFault.exe (PID:4460, depth 2)
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 396
    - Program crash

  - C:\Users\Admin\AppData\Local\Temp\4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe (PID:2328, depth 2)
    Command line: C:\Users\Admin\AppData\Local\Temp\4aeaf13dc0ee3472b46115e8d077ae80_NeikiAnalytics.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage

    - C:\Windows\SysWOW64\WerFault.exe (PID:3432, depth 3)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 364
      - Program crash

- C:\Windows\SysWOW64\WerFault.exe (PID:2548, depth 1)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 372 -ip 372

- C:\Windows\SysWOW64\WerFault.exe (PID:3556, depth 1)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2328 -ip 2328
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 320KB
- MD5: c7a302b6498f9dc5fef6187a5d170b06
- SHA1: 143b752c673fe215aaae99a8eed3498c99311f8a
- SHA256: 9be9884b67fa68f2a0e40823a7cf4fdec3ed0d8ff0486d68a53fe9ff91e228fb
- SHA512: 42da49697b095d3ed4817170ff2d2fdd856f6d9f25b9865334d11d4e6e441daf29e65f92b666a21ab4e1cd6e64265b793606bf2f24b18fe28d8dee31f0b132c0