c78f66251212a4a0bf8294123375e043be0b9a2d75dce4285c9bc95ef03fe3be

Analysis

max time kernel
145s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

398d070edadd5755a18ee7742b644710_NeikiAnalytics.exe
Size

65KB
MD5

398d070edadd5755a18ee7742b644710
SHA1

bf5deb35ae81816b5377820c5446b8eaba1a4888
SHA256

c78f66251212a4a0bf8294123375e043be0b9a2d75dce4285c9bc95ef03fe3be
SHA512

6c7255d4d0591c35cd38ba4fe3514e9427b7addc23b0bda79f3c147ebcd05ed9f8d1b6a77a018c47bd855b3a7a8fe65d55599c1fc1b2a8e0092d71ba59fa6920
SSDEEP

1536:Gttose4OcUm3QI5EPZo6E5sEFd29NQgA2w6TNle5c:eose4O+QZo6EKEFdGM29le5c

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2456	ewiuer2.exe
2352	ewiuer2.exe
2720	ewiuer2.exe
2980	ewiuer2.exe
2052	ewiuer2.exe
2932	ewiuer2.exe
972	ewiuer2.exe

Loads dropped DLL 14 IoCs

pid	Process
1952	398d070edadd5755a18ee7742b644710_NeikiAnalytics.exe
1952	398d070edadd5755a18ee7742b644710_NeikiAnalytics.exe
2456	ewiuer2.exe
2456	ewiuer2.exe
2352	ewiuer2.exe
2352	ewiuer2.exe
2720	ewiuer2.exe
2720	ewiuer2.exe
2980	ewiuer2.exe
2980	ewiuer2.exe
2052	ewiuer2.exe
2052	ewiuer2.exe
2932	ewiuer2.exe
2932	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 2456	1952	398d070edadd5755a18ee7742b644710_NeikiAnalytics.exe	28
PID 1952 wrote to memory of 2456	1952	398d070edadd5755a18ee7742b644710_NeikiAnalytics.exe	28
PID 1952 wrote to memory of 2456	1952	398d070edadd5755a18ee7742b644710_NeikiAnalytics.exe	28
PID 1952 wrote to memory of 2456	1952	398d070edadd5755a18ee7742b644710_NeikiAnalytics.exe	28
PID 2456 wrote to memory of 2352	2456	ewiuer2.exe	32
PID 2456 wrote to memory of 2352	2456	ewiuer2.exe	32
PID 2456 wrote to memory of 2352	2456	ewiuer2.exe	32
PID 2456 wrote to memory of 2352	2456	ewiuer2.exe	32
PID 2352 wrote to memory of 2720	2352	ewiuer2.exe	33
PID 2352 wrote to memory of 2720	2352	ewiuer2.exe	33
PID 2352 wrote to memory of 2720	2352	ewiuer2.exe	33
PID 2352 wrote to memory of 2720	2352	ewiuer2.exe	33
PID 2720 wrote to memory of 2980	2720	ewiuer2.exe	35
PID 2720 wrote to memory of 2980	2720	ewiuer2.exe	35
PID 2720 wrote to memory of 2980	2720	ewiuer2.exe	35
PID 2720 wrote to memory of 2980	2720	ewiuer2.exe	35
PID 2980 wrote to memory of 2052	2980	ewiuer2.exe	36
PID 2980 wrote to memory of 2052	2980	ewiuer2.exe	36
PID 2980 wrote to memory of 2052	2980	ewiuer2.exe	36
PID 2980 wrote to memory of 2052	2980	ewiuer2.exe	36
PID 2052 wrote to memory of 2932	2052	ewiuer2.exe	38
PID 2052 wrote to memory of 2932	2052	ewiuer2.exe	38
PID 2052 wrote to memory of 2932	2052	ewiuer2.exe	38
PID 2052 wrote to memory of 2932	2052	ewiuer2.exe	38
PID 2932 wrote to memory of 972	2932	ewiuer2.exe	39
PID 2932 wrote to memory of 972	2932	ewiuer2.exe	39
PID 2932 wrote to memory of 972	2932	ewiuer2.exe	39
PID 2932 wrote to memory of 972	2932	ewiuer2.exe	39

C:\Users\Admin\AppData\Local\Temp\398d070edadd5755a18ee7742b644710_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\398d070edadd5755a18ee7742b644710_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2456
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2352
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2980
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2052
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2932
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0IKFRI02.txt

Filesize
229B

MD5
2b7116f002a0eeeb9a6728ef7df916cc

SHA1
500908a6d78cfb1e59809dc95a9824dd9375207b

SHA256
7b6d14ad45028b452e69aafb96c4ca19fc6765ef8933906de80e95c563bb4a78

SHA512
5403d2264f21a97ab145db71579c3c1ad300546a21207e330c8dbe183a75e6f13f0af598f9dc58c7dc3943d34448e3d5ed61b228b9af9293c40113c9cab3a7ae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KY0H6PG2.txt

Filesize
229B

MD5
0748e64c64bf16cc7b063c7690b275c7

SHA1
45fd620bb7ed7cc025f2ce9a5766d188c2a3b715

SHA256
b90fca3bde70018d38fa6e777277332ac3450a5cc7c6118752fb1bccd1bf973a

SHA512
153b84921e44b495d894a21a13190f4458a4fb3449b7d294d14f60e37e19aeef38ce1506337b643e99fc2ce30004c2a03214ab96121a8b8c0f0ed78883037868

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
f4d210d12620db265e8021e0337f47cf

SHA1
7b7496f2906b99bc7062718dc60b9cf29e7276fb

SHA256
f40ea3a8d8cc5199a2d65201ca33b88ae9517924c0f4c513d0aa9553e7694bd0

SHA512
6445490fb631af59124de88326ba34fc5e0eb261dbcf3b0618ff4efb7a39c8af72975e44e553fc42062745ed9fb3e4dcbc2f74adc2005099bf6e8868c788dc49

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
94bbceaaed7d025ef9b24ac7f5309ecd

SHA1
a78ef882a9c4b3eb7e8c996c7167a26e3b803698

SHA256
1fdada72d5637ee3c7233ef246cea2fb967697e081043a90bcface37d14dafde

SHA512
349fb36bf05eb8da13a7da07d14dc016825b1fc45c2071be2d76c469286a99522ab84410a5705d79591a581e6257d6215319823773dc99f641d8512d9067ce69

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
45d3370e238aff19fd74fbdeba3b121a

SHA1
8204f4a96cf25782b400107f4ce7d5eea100b434

SHA256
67d017e00d232571a37141b2f20ce349ccd45581fb184b5084896b88540e7e81

SHA512
2fb8a7840e4f64be1e1a6561cb957a5505a94e6e3afbbb13c80cc53811f28d81ff81f248e6b08936c730ac169b0a54c118bdd48b8553e1c625e7ba9f9aab3a37

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
87dc10f8e6028e1e87e8f93463f120f3

SHA1
1cade49a42b740e4c32826ff8ce80980f1694093

SHA256
d2fd9fcd39001e2f68308f19900d6987e48eefbfce6d2df52c02bb5379e6fbf7

SHA512
5211194c46af3ceafe69e6cdf47532ebf3d434aa04639d6cfed05da7053c016ace769ab3f33b19dba2256bf651ffe15d9148db73cb669dcd90c299af867a6eb3

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
7f1cdd93acd6563b99513f8396686086

SHA1
a9c57ccf8e3af1f8f305326f5416263f4428fc56

SHA256
13b2bc65b07b026c11f8153a5b3d6613f678fdba02e435e33a0c81a8fd7f7d00

SHA512
ce82aa3ce8db003630693dd550ce611f19daeff01c6c3138c0d93dfb8eabd09a0743c95dd832cf26b0c92f68f619344b9de4e4c705ddd4cf0e66cf88c2bf77f0

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
a554becb56207408fd324dc2bb085d4d

SHA1
e96b9105f8adf4970d55a6c65a8321334e10f85f

SHA256
b92ba50ac38c0880ab807cba54b17ca7f1b516820c528df7579c30dd9277e0dd

SHA512
5c2907f02c85fc0bf3df1eea2c7505daac1cd8f22b7ac6954641c93f5060b0f2da6b27dc835f2ffea8ffbb8b8296b9545197b542e525758b7a6d15dcb6fe8431

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
704fab54734d7e06826333ced5ad0af7

SHA1
82f0197225d1767f428f1362d149b312dd3817ba

SHA256
2df4bc091caaaf93331c60ed4411965e5f67f6b77ebe2a79c18b6c4457ce1d41

SHA512
4abfc6c4dbafe9e8c1233db3a505f2abed7ea48fa4753618855856cfc7e78d588a241db30706590f7d392b8f3b877dc829f2318edf34f5b4f234065ad90a9723

Download Submit
memory/972-84-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1952-4-0x0000000000220000-0x000000000024A000-memory.dmp

Filesize
168KB

Download
memory/1952-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2052-61-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2052-71-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2052-59-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2352-34-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2456-17-0x00000000028F0000-0x000000000291A000-memory.dmp

Filesize
168KB

Download
memory/2456-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2456-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2456-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2720-36-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2720-37-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2720-48-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2932-73-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2932-82-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2980-51-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads