Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 09-05-2024 22:13
Static task: static1
Behavioral task: behavioral1
  Sample: 0c8f5d9de495c44aec3cfa68588ceca0_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0c8f5d9de495c44aec3cfa68588ceca0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 0c8f5d9de495c44aec3cfa68588ceca0_NeikiAnalytics.exe
Size: 79KB
MD5: 0c8f5d9de495c44aec3cfa68588ceca0
SHA1: 6ed9204c92246f852040b06a4ef54042682fbca2
SHA256: 37e7389691a752eb7862b5a1ffadd163f01168ad1edfedc585774d10721b1806
SHA512: 0511373137fd9e1ef5749fbe66b98e73162f3867b01b17deb570e75df21ac2e024df9f92e75560a3ca766a360489f1b1bbf5c7826fbba4304d2c4378a7b4b9f6
SSDEEP: 1536:zvxVDuD1AYrOQA8AkqUhMb2nuy5wgIP0CSJ+5yAB8GMGlZ5G:zvPqT6GdqU7uy5w9WMyAN5G
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 1740  process [email protected]
Loads dropped DLL (2 IoCs)
  pid 1724  process cmd.exe
  pid 1724  process cmd.exe
Suspicious use of WriteProcessMemory (8 IoCs)
  description | pid | process | procid_target
  PID 328 wrote to memory of 1724 | 328 | 0c8f5d9de495c44aec3cfa68588ceca0_NeikiAnalytics.exe | 29
  PID 328 wrote to memory of 1724 | 328 | 0c8f5d9de495c44aec3cfa68588ceca0_NeikiAnalytics.exe | 29
  PID 328 wrote to memory of 1724 | 328 | 0c8f5d9de495c44aec3cfa68588ceca0_NeikiAnalytics.exe | 29
  PID 328 wrote to memory of 1724 | 328 | 0c8f5d9de495c44aec3cfa68588ceca0_NeikiAnalytics.exe | 29
  PID 1724 wrote to memory of 1740 | 1724 | cmd.exe | 30
  PID 1724 wrote to memory of 1740 | 1724 | cmd.exe | 30
  PID 1724 wrote to memory of 1740 | 1724 | cmd.exe | 30
  PID 1724 wrote to memory of 1740 | 1724 | cmd.exe | 30
Processes
1. C:\Users\Admin\AppData\Local\Temp\0c8f5d9de495c44aec3cfa68588ceca0_NeikiAnalytics.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\0c8f5d9de495c44aec3cfa68588ceca0_NeikiAnalytics.exe"
   signatures: Suspicious use of WriteProcessMemory
   PID: 328
   2. C:\Windows\SysWOW64\cmd.exe
      command line: C:\Windows\system32\cmd.exe /c [email protected]
      signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
      PID: 1724
      3. C:\Users\Admin\AppData\Local\Temp\[email protected]
         PID: 1740
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 7bdb4e5efe07bc0d939b4d8744940517
  SHA1: dc1ae941d593065e75dfb58712f4716b14f92df8
  SHA256: 0e15c9d3be6c147d64b248b01e83cee5a176ed6c138afb7546b70edfd7f5e2b5
  SHA512: ac7792c19036ef272abb6bc939e8ae663d7d0fc1cc15cc02347488641ac277d4711777500e9f23c7240252a2803e6c4c8f4b4d24297c168952ef0dbd3ddb138c