Overview

overview

7

Static

static

3

23ae1bfd42...cs.exe

windows7-x64

7

23ae1bfd42...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    09/05/2024, 23:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    23ae1bfd42be162a48191637be3c9f20_NeikiAnalytics.exe

  • Size

    480KB

  • MD5

    23ae1bfd42be162a48191637be3c9f20

  • SHA1

    09079ed3a92ae2eedbbca701498765899b2c5364

  • SHA256

    da8d79cf982b834f24f054e8d9ccb9ff365f9dca53523255d1cd758536b4b13d

  • SHA512

    4736947126a234c8cf834dcb87a046feed8cc9460e3071679d7b124572bcdfb362379cf44e986839cf3580801a550bf150416fea703bb2676d0e072be0866606

  • SSDEEP

    12288:AjauDReWXCDpMVbRldpY7aM/paB7ZH2uyr:ADDsyVHSpaB7xFyr

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\23ae1bfd42be162a48191637be3c9f20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\23ae1bfd42be162a48191637be3c9f20_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\ProgramData\rhkhs.exe
      "C:\ProgramData\rhkhs.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1656

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Documents and Settings .exe
          Filesize

          480KB

          MD5

          ec6f65b667a16c5a571848545054fe5a

          SHA1

          6dd22cb1af6a24aa6d1167b40369b6063ec1046f

          SHA256

          035e48271bc4f7b07e198a16a67ba745e37e9c49d466794ba3a7cc1d940aed04

          SHA512

          08d171026eb646b6fb703519950c102a3c15ed15454eed8a402f60dd332bc5fd46ada498691e95a1aaf2df95405a745861e4a7ef111b25884b83b1fd3b35ae03

          Download Submit

        • C:\ProgramData\Saaaalamm\Mira.h
          Filesize

          136KB

          MD5

          2bd01b99551cc639ddb5cb66914904a6

          SHA1

          50beb8bab8be15271951130ac833eb19566f9333

          SHA256

          9764e531dd52e37a454c7f052a17fe7b68821dc3570286aab7bb4706639efe40

          SHA512

          374436459d62bdd62fc79b779e5aef155d7b8817e3d64e53639130be49d061a251d04a3882d403c1cacf890f91fa53e9137e551f3f6479341e09fe97c7bf2390

          Download Submit

        • \ProgramData\rhkhs.exe
          Filesize

          343KB

          MD5

          b7748a013adef85c85408e3e61058710

          SHA1

          d551ca9ba703caec87795cef7c293c502e3f0e39

          SHA256

          a3558a7da9792314e8f3468454a3a5bb93610f35493f02878c9f2b489d830b1e

          SHA512

          ad8d3a868ba7fbaab3f6f4044156bbc56db3011fc72cfdc4dc6c2422c4dd2fbd3ae16166f0abae3e58d9df89da01fa8a761d6b74312481f863949d9263f65e4f

          Download Submit

        • memory/1656-133-0x0000000000400000-0x0000000000448000-memory.dmp

          Filesize

          288KB

          Download

        • memory/2068-0-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/2068-1-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download

        • memory/2068-14-0x0000000000400000-0x0000000000474000-memory.dmp

          Filesize

          464KB

          Download