Analysis

  • max time kernel
    141s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-05-2024 06:04

General

  • Target

    35a5d251eea819e5bc7a9a01470e3360_NeikiAnalytics.exe

  • Size

    724KB

  • MD5

    35a5d251eea819e5bc7a9a01470e3360

  • SHA1

    838b96af235e0866e2e76b92a2b52c790228222f

  • SHA256

    ff48c191596335b546ef247c808b2badd6260780662e68293e10975ae8d094df

  • SHA512

    a073abb83825bead15b1087ddf5a3f92caa760a7ef767c4449f822047d7c27cadd62c4f626d110f0816222f8c39f45258d9b64ea9ce172863b055971b9d2b09a

  • SSDEEP

    12288:7B6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dZJBX+pd167QhEQJ:167MnVnpA1lmTx8MmA07AaSuDSwd/BE1

Score
10/10

Malware Config

Signatures

  • FakeAV, RogueAntivirus

    FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

  • FakeAV payload 1 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\35a5d251eea819e5bc7a9a01470e3360_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\35a5d251eea819e5bc7a9a01470e3360_NeikiAnalytics.exe"
    1⤵
    PID:2076
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 492
        2⤵
        • Program crash
        PID:764
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2076 -ip 2076
    1⤵
    PID:4108

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2076-0-0x0000000000400000-0x00000000004C1000-memory.dmp
    Filesize
    772KB