Overview

overview

7

Static

static

3

125fb7af30...cs.exe

windows7-x64

7

125fb7af30...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/06/2024, 00:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    125fb7af301fa02ae24caaf4b85af3371b3881fa382b07d829dc1e7f63d69455_NeikiAnalytics.exe

  • Size

    190KB

  • MD5

    10a03e15e4439b27d84f361886827700

  • SHA1

    962f350e25e927d8e9b063dc8741cd90da3dafd7

  • SHA256

    125fb7af301fa02ae24caaf4b85af3371b3881fa382b07d829dc1e7f63d69455

  • SHA512

    6fef880d3988abeb602a4af6fd6dbd70c495d28b9499fc15c9f3f15d39db584c504ec9b37d83b339d93e211a3c71ff83fff1596a80bb782db89fa84083804569

  • SSDEEP

    3072:2CbVq5ATcuTVwk4iHzK5m72gnpULbbvdq/kwYhXV/GUaf0ff62NvvQUFeKJ3mc+i:2CbVq6Au5n4iHzF72OpEbvdqBYKl4x3r

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\125fb7af301fa02ae24caaf4b85af3371b3881fa382b07d829dc1e7f63d69455_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\125fb7af301fa02ae24caaf4b85af3371b3881fa382b07d829dc1e7f63d69455_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:4888
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 396
      2⤵
      • Program crash
      PID:3824
    • C:\Users\Admin\AppData\Local\Temp\125fb7af301fa02ae24caaf4b85af3371b3881fa382b07d829dc1e7f63d69455_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\125fb7af301fa02ae24caaf4b85af3371b3881fa382b07d829dc1e7f63d69455_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:3472
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 364
        3⤵
        • Program crash
        PID:1672
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4888 -ip 4888
    1⤵
      PID:4668
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3472 -ip 3472
      1⤵
        PID:3288

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\125fb7af301fa02ae24caaf4b85af3371b3881fa382b07d829dc1e7f63d69455_NeikiAnalytics.exe
        Filesize

        190KB

        MD5

        f3bc9bad271e2ec924cdbf5b903badbe

        SHA1

        f04816224addb76903537ee19cc3cda200273b06

        SHA256

        22741786901764c06cc807b49255cd22c7ba791379849c95d7162da75f90857a

        SHA512

        6ac3a1bb5e9028894360a95e857298292c2daf44f93a408140d4c096e86475f4fe7b1ca7275f5bb563ce83f1e21cc65eee9ab02a5a3ef0d3511f38066d5e1200

        Download Submit

      • memory/3472-8-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

        Download

      • memory/3472-9-0x0000000000400000-0x000000000041A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/3472-14-0x0000000004D80000-0x0000000004DB7000-memory.dmp

        Filesize

        220KB

        Download

      • memory/4888-0-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

        Download

      • memory/4888-7-0x0000000000400000-0x0000000000437000-memory.dmp

        Filesize

        220KB

        Download