Analysis Overview
SHA256
53fdb6d6befdb63468bf859d3738f83cea7b9535ace9a7355f8db12fe85fb72a
Threat Level: Likely benign
The file 1f86f5e9eece3a8b6d8b9c708c0235c0_NeikiAnalytics.exe was found to be: Likely benign.
Malicious Activity Summary
Drops file in Windows directory
Unsigned PE
Program crash
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-12 04:52
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 04:52
Reported
2024-06-12 04:54
Platform
win7-20240221-en
Max time kernel
140s
Max time network
120s
Command Line
Signatures
Drops file in Windows directory
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\1f86f5e9eece3a8b6d8b9c708c0235c0_NeikiAnalytics.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1904 wrote to memory of 2364 | N/A | C:\Users\Admin\AppData\Local\Temp\1f86f5e9eece3a8b6d8b9c708c0235c0_NeikiAnalytics.exe | C:\Windows\SysWOW64\WerFault.exe |
| PID 1904 wrote to memory of 2364 | N/A | C:\Users\Admin\AppData\Local\Temp\1f86f5e9eece3a8b6d8b9c708c0235c0_NeikiAnalytics.exe | C:\Windows\SysWOW64\WerFault.exe |
| PID 1904 wrote to memory of 2364 | N/A | C:\Users\Admin\AppData\Local\Temp\1f86f5e9eece3a8b6d8b9c708c0235c0_NeikiAnalytics.exe | C:\Windows\SysWOW64\WerFault.exe |
| PID 1904 wrote to memory of 2364 | N/A | C:\Users\Admin\AppData\Local\Temp\1f86f5e9eece3a8b6d8b9c708c0235c0_NeikiAnalytics.exe | C:\Windows\SysWOW64\WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1f86f5e9eece3a8b6d8b9c708c0235c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1f86f5e9eece3a8b6d8b9c708c0235c0_NeikiAnalytics.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 92
Network
Files
memory/1904-0-0x0000000000400000-0x0000000000428000-memory.dmp
C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe
| MD5 | 1fa6a2bbf2dfc687a34a9d3b1dd1922e |
| SHA1 | f88ee0d23d495051c9a94c761c45c058d13e9bed |
| SHA256 | d0bc139e899150389ad3a2da621c50eb8981522bbc8934009f38c5ad522965ab |
| SHA512 | 4cacbb722ae00cc422d85156349559fecdad2f654634a9e6a968a91cd43207720bfb02af604c8c099e7a83df4d6ad293e5fad47748b7287951dbe007870dd6cb |
memory/1904-65-0x0000000000400000-0x0000000000428000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 04:52
Reported
2024-06-12 04:54
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
150s
Command Line
Signatures
Drops file in Windows directory
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\1f86f5e9eece3a8b6d8b9c708c0235c0_NeikiAnalytics.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\1f86f5e9eece3a8b6d8b9c708c0235c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1f86f5e9eece3a8b6d8b9c708c0235c0_NeikiAnalytics.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 352 -ip 352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 288
Network
Files
memory/352-0-0x0000000000400000-0x0000000000428000-memory.dmp
C:\Windows\Intelx386\Update Photoshop 8.0 to Photoshop 9.5 (It´s Work!).exe
| MD5 | 1fa6a2bbf2dfc687a34a9d3b1dd1922e |
| SHA1 | f88ee0d23d495051c9a94c761c45c058d13e9bed |
| SHA256 | d0bc139e899150389ad3a2da621c50eb8981522bbc8934009f38c5ad522965ab |
| SHA512 | 4cacbb722ae00cc422d85156349559fecdad2f654634a9e6a968a91cd43207720bfb02af604c8c099e7a83df4d6ad293e5fad47748b7287951dbe007870dd6cb |
memory/352-65-0x0000000000400000-0x0000000000428000-memory.dmp