Overview

overview

7

Static

static

3

9164964b82...cs.exe

windows7-x64

7

9164964b82...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-05-2024 16:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9164964b82b8f612717ca80f48ba0b90_NeikiAnalytics.exe

  • Size

    7.8MB

  • MD5

    9164964b82b8f612717ca80f48ba0b90

  • SHA1

    1cbc531eee8163d41fec612624f89de770351fb2

  • SHA256

    7ede33aa314e6471e431729bdaf076bdcca39d5729741b2ec26a7636e3cebd83

  • SHA512

    00de9327a12814895fd6f32c3c97d2be53f5e38a5a86085d47eebb0f81cc758c2a8c18aa8c4bb85c3fa3e3cd80d10f256b03f2876adf738c762b9cf3c0c86030

  • SSDEEP

    98304:emhd1UryefEhLZ/Ghyy+V7wQqZUha5jtSyZIUb:elcNZfy+2QbaZtli

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9164964b82b8f612717ca80f48ba0b90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9164964b82b8f612717ca80f48ba0b90_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3336
    • C:\Users\Admin\AppData\Local\Temp\342F.tmp
      "C:\Users\Admin\AppData\Local\Temp\342F.tmp" --splashC:\Users\Admin\AppData\Local\Temp\9164964b82b8f612717ca80f48ba0b90_NeikiAnalytics.exe C79888D0C2CD1DB299200AFAD7B8E0C80FEDD92F4E2715B316E590C8FCE3D3D055588E3AB960BCDAC0E9B2BF7EE17094D7FDC3E7D59FFB9837927B737F6E3B16
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\342F.tmp
    Filesize

    7.8MB

    MD5

    bf03dd3f0ac3cdf2a7e7600c85f4ca08

    SHA1

    910a4ce46e193caf6e418014b8b494bd46cac9a6

    SHA256

    2fbf9d1b12593dc22b86d6c8a0771278b0444e9fe99e1e4377f36c3bbd18d54c

    SHA512

    adc260e6f25098fcc73255cc424f812eca267e8bce6217de0fbc578eaeabd36fe7339f7373a7b9565a9fd12065daffaeb2afdcc69601876ea2c63b5e1cb40679

    Download Submit

  • memory/2452-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/3336-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download