d9084242f673cfe57fb2e8c9245a450ca9e50915c90ebf216384b1dca31f9a37

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 15:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b443b8f64de4145923bf413fe3a15c0_NeikiAnalytics.exe
Size

71KB
MD5

7b443b8f64de4145923bf413fe3a15c0
SHA1

b18f907780198a153360cca8dff4a50b148422e6
SHA256

d9084242f673cfe57fb2e8c9245a450ca9e50915c90ebf216384b1dca31f9a37
SHA512

d970268561f67786dd44f7201f9dbf4f6939f0b891f4823c68de32cacd0ff7ac11c30a34d6d606ba0efb86f26c70c2b8ce719dbbbc30e8ab3addd64df564eb7b
SSDEEP

384:MdPnITsHlTxk7ETVAyPyAtatgTkeI8rlHfuDLLfFGY2rXdSkxzyuafqr9KpteyNK:MdAT05xk7HKQ8xccJjIVqrzyuX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2936	hfdfjdk.exe

Loads dropped DLL 2 IoCs

pid	Process
2068	7b443b8f64de4145923bf413fe3a15c0_NeikiAnalytics.exe
2068	7b443b8f64de4145923bf413fe3a15c0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2936	2068	7b443b8f64de4145923bf413fe3a15c0_NeikiAnalytics.exe	28
PID 2068 wrote to memory of 2936	2068	7b443b8f64de4145923bf413fe3a15c0_NeikiAnalytics.exe	28
PID 2068 wrote to memory of 2936	2068	7b443b8f64de4145923bf413fe3a15c0_NeikiAnalytics.exe	28
PID 2068 wrote to memory of 2936	2068	7b443b8f64de4145923bf413fe3a15c0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\7b443b8f64de4145923bf413fe3a15c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7b443b8f64de4145923bf413fe3a15c0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Users\Admin\AppData\Local\Temp\hfdfjdk.exe
  "C:\Users\Admin\AppData\Local\Temp\hfdfjdk.exe"
  2⤵
  - Executes dropped EXE
  PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\hfdfjdk.exe

Filesize
71KB

MD5
6069d40dc7d6d798421ba1d9bdc089f3

SHA1
262cb3f7f533ba101412e9ef73038a6a0b0e884e

SHA256
0a81d07100b12836840b9b3913cda45eac902bcf9249982d08875b52cf21d14c

SHA512
ec0d0738cece8349d943a04f87c9b43977337f60d6cd9632aae3b8b09a5483331e89135602827e54f620ed2b5fe99d642ea3b30748055940d2d11259eed0a609

Download Submit