Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
20-06-2024 06:53
Behavioral task
behavioral1
Sample
419f59e05247705e20e9272dacdeb2d3be350e2cb59a61ac3d1ff2f4a5dc23b6_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
419f59e05247705e20e9272dacdeb2d3be350e2cb59a61ac3d1ff2f4a5dc23b6_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
419f59e05247705e20e9272dacdeb2d3be350e2cb59a61ac3d1ff2f4a5dc23b6_NeikiAnalytics.exe
-
Size
731KB
-
MD5
bb7970701d7b38795c51f6dbe3be4d80
-
SHA1
3413101fa608e4baf2c20d05bf05f1d931eb87b6
-
SHA256
419f59e05247705e20e9272dacdeb2d3be350e2cb59a61ac3d1ff2f4a5dc23b6
-
SHA512
015c3a495c6f82efc9d849027ac739e74ccfed557c3caa6ec31ce8f245537284ffdacf70b542c0d45ab07afa7b36711f8b91a6e46d378cbd6325b7497cdbd14b
-
SSDEEP
6144:Fp19SmYRZbsuSBs3ojpe6aABlwZFsr5pOGJr3eRqk3tJc+xZRtiKzvzaOKIeM87C:Fp1EPZbsu2s3ojpe6aeSg3DeRqkUWh
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
419f59e05247705e20e9272dacdeb2d3be350e2cb59a61ac3d1ff2f4a5dc23b6_NeikiAnalytics.exe
description | pid | process | target process
PID 868 wrote to memory of 2064 | 868 | 419f59e05247705e20e9272dacdeb2d3be350e2cb59a61ac3d1ff2f4a5dc23b6_NeikiAnalytics.exe | WerFault.exe
PID 868 wrote to memory of 2064 | 868 | 419f59e05247705e20e9272dacdeb2d3be350e2cb59a61ac3d1ff2f4a5dc23b6_NeikiAnalytics.exe | WerFault.exe
PID 868 wrote to memory of 2064 | 868 | 419f59e05247705e20e9272dacdeb2d3be350e2cb59a61ac3d1ff2f4a5dc23b6_NeikiAnalytics.exe | WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\419f59e05247705e20e9272dacdeb2d3be350e2cb59a61ac3d1ff2f4a5dc23b6_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\419f59e05247705e20e9272dacdeb2d3be350e2cb59a61ac3d1ff2f4a5dc23b6_NeikiAnalytics.exe"
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 868 -s 76