8dba6062c01d81955d0ebeb280a292d794e136abe8fb7ddf10c191c8bf15a036

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 06:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe
Size

65KB
MD5

8d86161d793f1c2be42d59c0b524f5c0
SHA1

3a3cdd7a14a2e5c908ef4c4ce8f81bf68607d379
SHA256

8dba6062c01d81955d0ebeb280a292d794e136abe8fb7ddf10c191c8bf15a036
SHA512

adea21be9a1ff1e1fb5b2ec61b3c1aeb17373f97452fb45677ef4b5f4ee9dd19f30ec8f07ab4240d8748df7fbcc4acd9ab041530f402b5cde4b33cacbc16d7f4
SSDEEP

768:9eQIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uAS:99IvEPZo6Ead29NQgA2wQle56

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4728	ewiuer2.exe
1604	ewiuer2.exe
2764	ewiuer2.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 4728	2552	8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe	89
PID 2552 wrote to memory of 4728	2552	8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe	89
PID 2552 wrote to memory of 4728	2552	8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe	89
PID 4728 wrote to memory of 1604	4728	ewiuer2.exe	100
PID 4728 wrote to memory of 1604	4728	ewiuer2.exe	100
PID 4728 wrote to memory of 1604	4728	ewiuer2.exe	100
PID 1604 wrote to memory of 2764	1604	ewiuer2.exe	101
PID 1604 wrote to memory of 2764	1604	ewiuer2.exe	101
PID 1604 wrote to memory of 2764	1604	ewiuer2.exe	101

C:\Users\Admin\AppData\Local\Temp\8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4728
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:1604
  - - C:\Windows\SysWOW64\ewiuer2.exe
      C:\Windows\SysWOW64\ewiuer2.exe /nomove
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      PID:2764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4200,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:8
1⤵
PID:3004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
234a9e28c24db3c941fb617e5889500d

SHA1
a378ca5d6352e00441b668243b877b3aaf3f8f7f

SHA256
ce6c8be7adb18593b029319e23c1a833527842cf6f7d65c523a44978cde671b2

SHA512
f683a204cf0a8cdf20d5ac7dbbe4b4a24fda602567b381f84e602398eb8ae67b6615fea7a65f1fde468c3f44410791761fbaeea4fd18ef00e51a7a260096b482

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
52fce9ebf47bb4a6d48203849c7f63ad

SHA1
e7b13ee5721c7883edfc7fa9ae7387a8e59ee754

SHA256
af73b9fbe8877f8458f41230f7498b1fa0370699e6d8a3641987a35975db91ad

SHA512
f13872bfca53638b4fe66e0c867c58feeb2b89c5b73ef4935c116d91cee7135e899558dca4ff5a01b35a033f1db71bef868b146f13da4906f5fb2f9492cf8749

Download Submit
memory/1604-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1604-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1604-16-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2552-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2552-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2764-17-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2764-18-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4728-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4728-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4728-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads