0d5b87c7c67ba8d886ece7df744e1a8d012345e1e336192e8c95b545dcf54292

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe
Size

1.4MB
MD5

1b373b9e57b64217b23b7ed9b20bac60
SHA1

5d14a3abfa7809a449e9b271719fb503372561ad
SHA256

0d5b87c7c67ba8d886ece7df744e1a8d012345e1e336192e8c95b545dcf54292
SHA512

e48a82ac97973cfdfe517428f4df33ae7e8033a690363a4ea284efa04f4fa31c8bac47b743765fc5432f1552b8961f1a3f408a9ba354d0ce2d06a67e35cf0e8a
SSDEEP

24576:IydQ4iVx98cD6TB+1a/ZSa77sFZTDleyJohauNb0XGjm:IOpIec+F+1gFghcyJokuN4XGjm

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3032	1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
3032	1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe

Loads dropped DLL 1 IoCs

pid	Process
2256	1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	pastebin.com
4	pastebin.com

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3032	1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2256	1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3032	1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 3032	2256	1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe	29
PID 2256 wrote to memory of 3032	2256	1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe	29
PID 2256 wrote to memory of 3032	2256	1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe	29
PID 2256 wrote to memory of 3032	2256	1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe	29

C:\Users\Admin\AppData\Local\Temp\1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\1b373b9e57b64217b23b7ed9b20bac60_NeikiAnalytics.exe

Filesize
1.4MB

MD5
51e579fe63b2b8c58c7a6506b871ada4

SHA1
294d24958d1bd95d71fd82672dabb11fa5b648e4

SHA256
cf925ed10ee0231b6c6f481a3aa19d0fa851fff364acff31714dbb94f37fd999

SHA512
e2262188e00112c6232b3159df94bc2cf911ec56ce9981e1c2b948a283c711f448b589501a8d031a155a5a72871ab8da4f49e1e2b3b57ae44851b8c3541a934d

Download Submit
memory/2256-0-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/2256-8-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/3032-9-0x0000000000400000-0x00000000004EC000-memory.dmp

Filesize
944KB

Download
memory/3032-10-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/3032-16-0x0000000002D00000-0x0000000002DEC000-memory.dmp

Filesize
944KB

Download
memory/3032-32-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3032-38-0x0000000009700000-0x00000000097A3000-memory.dmp

Filesize
652KB

Download