Overview

overview

7

Static

static

3

418c17cddb...cs.exe

windows7-x64

7

418c17cddb...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/05/2024, 01:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    418c17cddba0c5de2cb57e007e390d60_NeikiAnalytics.exe

  • Size

    480KB

  • MD5

    418c17cddba0c5de2cb57e007e390d60

  • SHA1

    4cce993d568fb94c7f65d5371dd51036c8f040b8

  • SHA256

    6d6f55f49491c1ba87aaf722be663fd691cc1ba77ed3438b02ee2507de592df2

  • SHA512

    70d522f3c4a315ba99e0198f717d98958e7c1e11eb971f0edfc77b57822c93989b46225e37897b5aaa959921e3b44ca444a06158361c2029d2fd056ecd7955da

  • SSDEEP

    6144:AjlYKRF/LReWAsUy3k/6l5iBySIQ6T04qS5qYnqjQgfckLl1a4hk10IDws0s7zku:AjauDReWPYhiuwgo8Sd5D

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\418c17cddba0c5de2cb57e007e390d60_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\418c17cddba0c5de2cb57e007e390d60_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2828
    • C:\ProgramData\tirtc.exe
      "C:\ProgramData\tirtc.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    480KB

    MD5

    9e05a7ee0042ecd6f60d78afd74fdacf

    SHA1

    8c48b0dd04b6ae809224ff8134e6197137f7e318

    SHA256

    6dc1b0c62b7999a45cfd961388a366ecfa165a08f9f323a5ae69a77064f7c014

    SHA512

    2156f2602c8d03d56d376d07006a5b4d4448ae3840affcfa3e780fe3be1976cd74a52eae3b6e93d4df41fd420888fbc8fb772188571a083da82141312a413c94

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    2bd01b99551cc639ddb5cb66914904a6

    SHA1

    50beb8bab8be15271951130ac833eb19566f9333

    SHA256

    9764e531dd52e37a454c7f052a17fe7b68821dc3570286aab7bb4706639efe40

    SHA512

    374436459d62bdd62fc79b779e5aef155d7b8817e3d64e53639130be49d061a251d04a3882d403c1cacf890f91fa53e9137e551f3f6479341e09fe97c7bf2390

    Download Submit

  • C:\ProgramData\tirtc.exe
    Filesize

    343KB

    MD5

    129326d29250a84f19ddb5823ed811da

    SHA1

    ce74d75e8d5adf8cb7a8d17b2823e9688a88a0f9

    SHA256

    8b6b395dd6658b531bdd8ea1c2f6f0ea6bd5416fefa2e595289ee7cffc6c216b

    SHA512

    5189b092cc61ebaf90b61380ce49aca3863b116c105f848f888a7fb9067785c67997cb2502c4c4df9fc30a961811449777acf0d243cbbf8d23b04ad07e184848

    Download Submit

  • memory/212-130-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2828-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2828-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2828-9-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download