92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 10:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe
Size

320KB
MD5

df2b790819600e489ff78bfd3d4f13e0
SHA1

39bce8c392a3468d58361ea5d26aef0f514fbb31
SHA256

92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a
SHA512

d7974771b9dfaeb1a7c66b9f6b1631eca1ecb7559c8b087d91964560b8e7e879b510b48d3ba65bf863f699797b75e1eafae2c09648d70ee6c9f26d2b57e268cb
SSDEEP

6144:Upe5ZXiOccpgl4mNIDEqZK0W7cyqCxSngmMBqfycuPbUl0i5w:UpMyOaumwEqZQ0npM4dl0b

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2880	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
2880	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
4252	764	WerFault.exe	80
3948	2880	WerFault.exe	84
2092	2880	WerFault.exe	84
2084	2880	WerFault.exe	84
2932	2880	WerFault.exe	84
2836	2880	WerFault.exe	84
4356	2880	WerFault.exe	84

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
764	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2880	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 2880	764	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe	84
PID 764 wrote to memory of 2880	764	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe	84
PID 764 wrote to memory of 2880	764	92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe	84

C:\Users\Admin\AppData\Local\Temp\92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 384
  2⤵
  - Program crash
  PID:4252
- C:\Users\Admin\AppData\Local\Temp\92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2880
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 352
    3⤵
    - Program crash
    PID:3948
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 768
    3⤵
    - Program crash
    PID:2092
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 788
    3⤵
    - Program crash
    PID:2084
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 796
    3⤵
    - Program crash
    PID:2932
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 808
    3⤵
    - Program crash
    PID:2836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 772
    3⤵
    - Program crash
    PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 764 -ip 764
1⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2880 -ip 2880
1⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2880 -ip 2880
1⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2880 -ip 2880
1⤵
PID:2396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2880 -ip 2880
1⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2880 -ip 2880
1⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2880 -ip 2880
1⤵
PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\92be58d0fff26e3faf6b98482d17e0208cc5a25554a8a0dba57336785d78961a_NeikiAnalytics.exe

Filesize
320KB

MD5
95680770244312a07296da38c666d2d8

SHA1
cb8c4c58f9e5078633b6bff61377f56a009a6d80

SHA256
df9700a5e7581e76926d427c1cc98497775637766d79fceb355771b728f44285

SHA512
62589ca0f8a5610346090192b952e9db1f9a5854665fa70c2c7aa358a0bccb7941475393ba8b46381c15745eb16840eecd925a05fc5bb6dfaa36ddfe409e8849

Download Submit
memory/764-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/764-7-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2880-8-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2880-9-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2880-14-0x00000000014C0000-0x00000000014F8000-memory.dmp

Filesize
224KB

Download