4f208bb995d85ab396138915fd0b77ccee49c2700a6afbce2195df36f6188edd

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 03:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

617efe5b27b3e1ad8cd87d5f437e8790_NeikiAnalytics.exe
Size

63KB
MD5

617efe5b27b3e1ad8cd87d5f437e8790
SHA1

e7fbbdc26f5418ec6f7308589588fe0b427cf09c
SHA256

4f208bb995d85ab396138915fd0b77ccee49c2700a6afbce2195df36f6188edd
SHA512

c2530b13e3c4240fc5afa525f0d79fc502a98b3a7b08011c1b5b1cac785d612c2afd159eb686929cef304ebd6255a5d86fdb158f45240944e8a3ca3b86a57b00
SSDEEP

768:UMTx4UIB3zmOFJkzh8S2qnw3nZeWWkiwB1/EPbExvXuBnRzg6Q1WZL1Ydu0n:HmBqSJQ4qnFJ+1/hZ2nRcV1Q5YJn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2096	kgfdfjdk.exe

Loads dropped DLL 2 IoCs

pid	Process
996	617efe5b27b3e1ad8cd87d5f437e8790_NeikiAnalytics.exe
996	617efe5b27b3e1ad8cd87d5f437e8790_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 2096	996	617efe5b27b3e1ad8cd87d5f437e8790_NeikiAnalytics.exe	28
PID 996 wrote to memory of 2096	996	617efe5b27b3e1ad8cd87d5f437e8790_NeikiAnalytics.exe	28
PID 996 wrote to memory of 2096	996	617efe5b27b3e1ad8cd87d5f437e8790_NeikiAnalytics.exe	28
PID 996 wrote to memory of 2096	996	617efe5b27b3e1ad8cd87d5f437e8790_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\617efe5b27b3e1ad8cd87d5f437e8790_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\617efe5b27b3e1ad8cd87d5f437e8790_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:996
- C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe
  "C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe"
  2⤵
  - Executes dropped EXE
  PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe

Filesize
63KB

MD5
d7524e0612b8a7d0fca9640af4b47b72

SHA1
2a06bc7f1cc0e7a59ae65f43fbefd22757eaaa88

SHA256
2d37ab66c5654939c8db59c78bd839cc2a4db5b42ba538f7dee154ee3c33a35a

SHA512
84e298cfa363d3b90b4149c18a11db5c077bc04f09ff52c7dda3b330d85684b7ec9a11aa4397bc9232b6a0a1c95790004a52f6aeb8c4fec3345b0a343a382cce

Download Submit