Analysis
- max time kernel: 147s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-05-2024 04:47
Static task
static1
Behavioral task
behavioral1
Sample
730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
- Target: 730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe
- Size: 79KB
- MD5: 730557fb203ad79ff24df1ade72fc7b0
- SHA1: 889a82386acc496d8aab35afef111022b8b42eae
- SHA256: 78545cd61d5a0ad4016b1f7e239541f8d69ff7c3e34e632d63da24636a0a373a
- SHA512: 2bf0a1fb6550c42f556e2e5980733a2e86802913b5bdd7a2575b2890be82a608c9fd0ba3b12a2e9b044ddb75c902b5a579faf010cac123de1091a66286175c62
- SSDEEP: 1536:zvdpDHWjMdEtZeZv9OQA8AkqUhMb2nuy5wgIP0CSJ+5yOB8GMGlZ5G:zvdpCIcmvkGdqU7uy5w9WMyON5G
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid | Process
  4488 | [email protected]
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 2860 wrote to memory of 1780 | 2860 | 730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe | 83
  PID 2860 wrote to memory of 1780 | 2860 | 730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe | 83
  PID 2860 wrote to memory of 1780 | 2860 | 730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe | 83
  PID 1780 wrote to memory of 4488 | 1780 | cmd.exe | 84
  PID 1780 wrote to memory of 4488 | 1780 | cmd.exe | 84
  PID 1780 wrote to memory of 4488 | 1780 | cmd.exe | 84
Processes
- C:\Users\Admin\AppData\Local\Temp\730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\730557fb203ad79ff24df1ade72fc7b0_NeikiAnalytics.exe"
  - Suspicious use of WriteProcessMemory
  PID:2860
  - C:\Windows\SysWOW64\cmd.exe
    PID:1780
    - C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID:4488
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 46bb278189f23a0a3451bb9ff7612a7d
  SHA1: c0b6c28c74a8d500dc9ad64adcc83834e2820402
  SHA256: 5749a09ad16c88570300ee28c7b0867c57b59fa7c5f5164495c9895d6d174b20
  SHA512: 5d5056474edb0e3493bd28b0ca95266bcfca6a920823fbe58d6a8491643e317350035d9fe2da65b22b461a40b828205b5497209e9948a98681f6cb6a0442ed31