Overview

overview

7

Static

static

3

7254b2f4bb...cs.exe

windows7-x64

7

7254b2f4bb...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    124s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-06-2024 15:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb_NeikiAnalytics.exe

  • Size

    209KB

  • MD5

    9eaad2399b7d1df38d58cd657ca584c0

  • SHA1

    12ea58fc64b84b2231dbee635bf8a18d92ca305c

  • SHA256

    7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb

  • SHA512

    a8471d7a8cc9416a1309dc2a9376dcbb80d2153b4fee5eb312cbd5a53237b7aeb76f51ab06377c22203447ff8739292552bfd6e3c7c643efe61a50df87657931

  • SSDEEP

    6144:8UtYRjnS+VAONurnnr4ST1y5SHmNKDMtfXp:AFFNorNc58Mtfp

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3900
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 396
      2⤵
      • Program crash
      PID:588
    • C:\Users\Admin\AppData\Local\Temp\7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2216
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 372
        3⤵
        • Program crash
        PID:4844
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3900 -ip 3900
    1⤵
      PID:2668
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2216 -ip 2216
      1⤵
        PID:3708
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1036,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:8
        1⤵
          PID:1520

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\7254b2f4bbf8bf8507a6561bd9143886ba48d195186dd9c24c19beffc87b11cb_NeikiAnalytics.exe
          Filesize

          209KB

          MD5

          6d3f7bf4812147aa3401c35cea411c7e

          SHA1

          b6caab9f3a69139bbadcfa755ae02f6228fff876

          SHA256

          edf0aa680b76900a523ded5e6e9f698c45f117342cc4ff628e3ea5b125f1780a

          SHA512

          d1730609f91f333b9477e665c94eec77afc57d9c395b0e1f825c9f41d9f851c1990832ca5d5507d96b578990b5d0ee1d063c406e908ae5986c91d66a80403ee6

          Download Submit

        • memory/2216-7-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download

        • memory/2216-8-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/2216-13-0x00000000015E0000-0x0000000001620000-memory.dmp

          Filesize

          256KB

          Download

        • memory/3900-0-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download

        • memory/3900-6-0x0000000000400000-0x0000000000440000-memory.dmp

          Filesize

          256KB

          Download