Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
10/05/2024, 04:00
Static task
static1
Behavioral task
behavioral1
Sample
65bbdbb336e5a26899ba5b75e5e334b0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
65bbdbb336e5a26899ba5b75e5e334b0_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
General
-
Target
65bbdbb336e5a26899ba5b75e5e334b0_NeikiAnalytics.exe
-
Size
73KB
-
MD5
65bbdbb336e5a26899ba5b75e5e334b0
-
SHA1
a989935f2d62bc6f72e8bebec6bb93257c45f3c5
-
SHA256
2a8e249c162b543b0ad2eb912166cbc9d8310fa15243cc937ffc334f5a95f6cc
-
SHA512
130e08d9f023175b9503f52cd5cad519ab433b7ae5670809b692926a16572b74640e13cc807ea89ff6f958e13a10fef77e5dfeb63f573a2cf5fa7cdb3d866cc0
-
SSDEEP
1536:hbK6B3YLsGjFk/K5QPqfhVWbdsmA+RjPFLC+e5hj0ZGUGf2g:hX3YLsGoNPqfcxA+HFshjOg
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 1432 [email protected] -
Loads dropped DLL 2 IoCs
pid Process 2388 cmd.exe 2388 cmd.exe -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 3008 wrote to memory of 2388 3008 65bbdbb336e5a26899ba5b75e5e334b0_NeikiAnalytics.exe 29 PID 3008 wrote to memory of 2388 3008 65bbdbb336e5a26899ba5b75e5e334b0_NeikiAnalytics.exe 29 PID 3008 wrote to memory of 2388 3008 65bbdbb336e5a26899ba5b75e5e334b0_NeikiAnalytics.exe 29 PID 3008 wrote to memory of 2388 3008 65bbdbb336e5a26899ba5b75e5e334b0_NeikiAnalytics.exe 29 PID 2388 wrote to memory of 1432 2388 cmd.exe 30 PID 2388 wrote to memory of 1432 2388 cmd.exe 30 PID 2388 wrote to memory of 1432 2388 cmd.exe 30 PID 2388 wrote to memory of 1432 2388 cmd.exe 30 PID 1432 wrote to memory of 2176 1432 [email protected] 31 PID 1432 wrote to memory of 2176 1432 [email protected] 31 PID 1432 wrote to memory of 2176 1432 [email protected] 31 PID 1432 wrote to memory of 2176 1432 [email protected] 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\65bbdbb336e5a26899ba5b75e5e334b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\65bbdbb336e5a26899ba5b75e5e334b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3008 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c [email protected]2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2388 -
C:\Users\Admin\AppData\Local\Temp\[email protected]PID:1432
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c 00.exe4⤵PID:2176
-
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\[email protected]
Filesize73KB
MD5a6849bf37c7c7b7d66fbef18d702a634
SHA13287acf40695ddbc9616e7724e1f1bf89cd62443
SHA25657920c509306fef8403d6c96a7a5ef3f7230aa136f0910e0059ae054cde1485f
SHA5128766c277877030664fc35aeb956842f49beeefe35429f179f3eabf9da660f0df0c70d3cbc6f3eca0df984e8f04a0ffeb38d42a43436f5a7dead052ed5a7a9b13