Overview

overview

7

Static

static

3

418c17cddb...cs.exe

windows7-x64

7

418c17cddb...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 01:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    418c17cddba0c5de2cb57e007e390d60_NeikiAnalytics.exe

  • Size

    480KB

  • MD5

    418c17cddba0c5de2cb57e007e390d60

  • SHA1

    4cce993d568fb94c7f65d5371dd51036c8f040b8

  • SHA256

    6d6f55f49491c1ba87aaf722be663fd691cc1ba77ed3438b02ee2507de592df2

  • SHA512

    70d522f3c4a315ba99e0198f717d98958e7c1e11eb971f0edfc77b57822c93989b46225e37897b5aaa959921e3b44ca444a06158361c2029d2fd056ecd7955da

  • SSDEEP

    6144:AjlYKRF/LReWAsUy3k/6l5iBySIQ6T04qS5qYnqjQgfckLl1a4hk10IDws0s7zku:AjauDReWPYhiuwgo8Sd5D

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\418c17cddba0c5de2cb57e007e390d60_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\418c17cddba0c5de2cb57e007e390d60_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\ProgramData\otvxbh.exe
      "C:\ProgramData\otvxbh.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1336

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    480KB

    MD5

    1ec91143ec054790f1fe7bdad83d20c3

    SHA1

    44da5491ed70e506fbd1afe74d3554bd768f4332

    SHA256

    d12a3df5501040ababcadc4fc66d29af2241b9487c113fe7f4523e17de5f8508

    SHA512

    c0bd2ba1dda396639ebd37a718c935c6c520e035b454690973f1ce109a2c167bbf16db4359df0a5e94cf0f4b132efa541d5ab32212341368e5113e59a7a2d0f6

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    2bd01b99551cc639ddb5cb66914904a6

    SHA1

    50beb8bab8be15271951130ac833eb19566f9333

    SHA256

    9764e531dd52e37a454c7f052a17fe7b68821dc3570286aab7bb4706639efe40

    SHA512

    374436459d62bdd62fc79b779e5aef155d7b8817e3d64e53639130be49d061a251d04a3882d403c1cacf890f91fa53e9137e551f3f6479341e09fe97c7bf2390

    Download Submit

  • \ProgramData\otvxbh.exe
    Filesize

    343KB

    MD5

    129326d29250a84f19ddb5823ed811da

    SHA1

    ce74d75e8d5adf8cb7a8d17b2823e9688a88a0f9

    SHA256

    8b6b395dd6658b531bdd8ea1c2f6f0ea6bd5416fefa2e595289ee7cffc6c216b

    SHA512

    5189b092cc61ebaf90b61380ce49aca3863b116c105f848f888a7fb9067785c67997cb2502c4c4df9fc30a961811449777acf0d243cbbf8d23b04ad07e184848

    Download Submit

  • memory/1336-133-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/1988-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1988-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/1988-14-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download