Overview

overview

7

Static

static

3

278886a4a3...cs.exe

windows7-x64

7

278886a4a3...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-05-2024 23:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    278886a4a34dcb466869cc0fad855200_NeikiAnalytics.exe

  • Size

    7.8MB

  • MD5

    278886a4a34dcb466869cc0fad855200

  • SHA1

    c44396cc75e485ac59cfabe8eae4fc98b3a883e3

  • SHA256

    10c85f6ceebad92bb239602c0903fa3324daa5dbb61da726aeccf24a9f6ea122

  • SHA512

    dae1ac82602a52d53073abefbaa8d00c6d434e5575cac7dfb39cdbd03d0665cd535af7008b18fcf160f93f6f777c23aa1aec18131819496efa1f7b2b871aeb81

  • SSDEEP

    98304:emhd1UryeSlWa6V8266AH9dX2LfXP+V7wQqZUha5jtSyZIUb:el1a6eFH9dX2Lfm2QbaZtli

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\278886a4a34dcb466869cc0fad855200_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\278886a4a34dcb466869cc0fad855200_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Users\Admin\AppData\Local\Temp\5A64.tmp
      "C:\Users\Admin\AppData\Local\Temp\5A64.tmp" --splashC:\Users\Admin\AppData\Local\Temp\278886a4a34dcb466869cc0fad855200_NeikiAnalytics.exe 9F56FCF25E56636CD2F799EE68AE06C91A821C99567A4F7312E0A8787C0202F2CB51C33C306C81698CCDF5158F33D770B487E4CE39AC4B8A836E80F194E4FD8E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:4764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5A64.tmp
    Filesize

    7.8MB

    MD5

    ef0f4b9f745ff6a73cfcf1682d91af7c

    SHA1

    24c1442cdf95c4d42c2565e23a7234c85463d95d

    SHA256

    f72861a44da312dedf8483b868a196ff4d9839348ee5d574ac0ba33f7e104dd0

    SHA512

    4d652ede793cb1392ba70b53ef8f7f3e23bd3f8c26e37b486d719d26fb786bb5a8220f6171af4c0b98404955f104a41a3ae3fbac8601b88baad0951430a501df

    Download Submit

  • memory/1708-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/4764-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download