Analysis
  Max time kernel: 117s
  Max time network: 118s
  Platform: windows7_x64
  Resource: win7-20231129-en
  Resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  Submitted: 09/05/2024, 21:37
Static task
  static1
Behavioral task
  behavioral1
  Sample: 03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe
  Resource: win7-20231129-en
Behavioral task
  behavioral2
  Sample: 03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
  Target: 03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe
  Size: 79KB
  MD5: 03e74ca7f846a73135c09deded0be740
  SHA1: 86ae7def097a6d05c0b14b6a078ee60346363661
  SHA256: b509b0bc60edd14668baabc8d885fcc7230eb5ce969db8ca4773529164d7f735
  SHA512: 38b30ac6d5e2737b066bd27dab3912d5d0953dbcbe65f792aa953e9915ff34e1608e72fb785bf616abc3b6bbd6e341ffccbb7da3e67492a2b04f31688ee65cb1
  SSDEEP: 1536:zvLL///iH7AtfIrRjOQA8AkqUhMb2nuy5wgIP0CSJ+5y2B8GMGlZ5G:zvf///iH7+fUQGdqU7uy5w9WMy2N5G
Malware Config
Signatures
  Executes dropped EXE (1 IoC)
    pid   Process
    2904  [email protected]

  Loads dropped DLL (2 IoCs)
    pid   Process
    2528  cmd.exe
    2528  cmd.exe

  Suspicious use of WriteProcessMemory (8 IoCs)
    description                       pid   Process                                              procid_target
    PID 2372 wrote to memory of 2528  2372  03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe  29
    PID 2372 wrote to memory of 2528  2372  03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe  29
    PID 2372 wrote to memory of 2528  2372  03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe  29
    PID 2372 wrote to memory of 2528  2372  03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe  29
    PID 2528 wrote to memory of 2904  2528  cmd.exe                                              30
    PID 2528 wrote to memory of 2904  2528  cmd.exe                                              30
    PID 2528 wrote to memory of 2904  2528  cmd.exe                                              30
    PID 2528 wrote to memory of 2904  2528  cmd.exe                                              30
Processes
  C:\Users\Admin\AppData\Local\Temp\03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\03e74ca7f846a73135c09deded0be740_NeikiAnalytics.exe"
    PID: 2372
    - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\cmd.exe
        Command line: C:\Windows\system32\cmd.exe /c [email protected]
        PID: 2528
        - Loads dropped DLL
        - Suspicious use of WriteProcessMemory
          C:\Users\Admin\AppData\Local\Temp\[email protected]
            PID: 2904
Network
MITRE ATT&CK Matrix
Downloads
  C:\Users\Admin\AppData\Local\Temp\[email protected]
    Filesize: 79KB
    MD5: 4c5048ed7e17865d89b97a688abb7bc7
    SHA1: ae6a039939b7d4a28e596da68c3d9ac90c0a4324
    SHA256: 041653d8774b5bc759b60be407d34e18cc28ebac45fe15830882883316e5bc28
    SHA512: 17d18b99cd11812a8359b1a542d738537952d01b07099649fe0be5b925ba6102cd3b84d5a9f2518ee3c4891dc4b282e42657b7045c33f6d792e28f7c4046e620