Analysis
- max time kernel: 146s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/05/2024, 06:21

Static task: static1

Behavioral task: behavioral1
- Sample: 8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: 8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe
- Size: 65KB
- MD5: 8d86161d793f1c2be42d59c0b524f5c0
- SHA1: 3a3cdd7a14a2e5c908ef4c4ce8f81bf68607d379
- SHA256: 8dba6062c01d81955d0ebeb280a292d794e136abe8fb7ddf10c191c8bf15a036
- SHA512: adea21be9a1ff1e1fb5b2ec61b3c1aeb17373f97452fb45677ef4b5f4ee9dd19f30ec8f07ab4240d8748df7fbcc4acd9ab041530f402b5cde4b33cacbc16d7f4
- SSDEEP: 768:9eQIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uAS:99IvEPZo6Ead29NQgA2wQle56
Malware Config
Signatures

Executes dropped EXE (3 IoCs)
PID     Process
4728    ewiuer2.exe
1604    ewiuer2.exe
2764    ewiuer2.exe

Drops file in System32 directory (4 IoCs)
Description                     IoC                                   Process
File created                    C:\Windows\SysWOW64\ewiuer2.exe       ewiuer2.exe
File opened for modification    C:\Windows\SysWOW64\viesazm.mpk       ewiuer2.exe
File created                    C:\Windows\SysWOW64\ewiuer2.exe       ewiuer2.exe
File opened for modification    C:\Windows\SysWOW64\viesazm.mpk       ewiuer2.exe

Suspicious use of WriteProcessMemory (9 IoCs)
Description                          PID     Process                                                procid_target
PID 2552 wrote to memory of 4728     2552    8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe    89
PID 2552 wrote to memory of 4728     2552    8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe    89
PID 2552 wrote to memory of 4728     2552    8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe    89
PID 4728 wrote to memory of 1604     4728    ewiuer2.exe                                            100
PID 4728 wrote to memory of 1604     4728    ewiuer2.exe                                            100
PID 4728 wrote to memory of 1604     4728    ewiuer2.exe                                            100
PID 1604 wrote to memory of 2764     1604    ewiuer2.exe                                            101
PID 1604 wrote to memory of 2764     1604    ewiuer2.exe                                            101
PID 1604 wrote to memory of 2764     1604    ewiuer2.exe                                            101
Processes

1. C:\Users\Admin\AppData\Local\Temp\8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\8d86161d793f1c2be42d59c0b524f5c0_NeikiAnalytics.exe"
   - Suspicious use of WriteProcessMemory
   PID: 2552

   2. C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      Command line: C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      - Executes dropped EXE
      - Drops file in System32 directory
      - Suspicious use of WriteProcessMemory
      PID: 4728

      3. C:\Windows\SysWOW64\ewiuer2.exe
         Command line: C:\Windows\System32\ewiuer2.exe
         - Executes dropped EXE
         - Drops file in System32 directory
         - Suspicious use of WriteProcessMemory
         PID: 1604

         4. C:\Windows\SysWOW64\ewiuer2.exe
            Command line: C:\Windows\SysWOW64\ewiuer2.exe /nomove
            - Executes dropped EXE
            - Drops file in System32 directory
            PID: 2764

1. C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
   Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4200,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:8
   PID: 3004
Downloads

- Filesize: 65KB
  MD5: 234a9e28c24db3c941fb617e5889500d
  SHA1: a378ca5d6352e00441b668243b877b3aaf3f8f7f
  SHA256: ce6c8be7adb18593b029319e23c1a833527842cf6f7d65c523a44978cde671b2
  SHA512: f683a204cf0a8cdf20d5ac7dbbe4b4a24fda602567b381f84e602398eb8ae67b6615fea7a65f1fde468c3f44410791761fbaeea4fd18ef00e51a7a260096b482

- Filesize: 65KB
  MD5: 52fce9ebf47bb4a6d48203849c7f63ad
  SHA1: e7b13ee5721c7883edfc7fa9ae7387a8e59ee754
  SHA256: af73b9fbe8877f8458f41230f7498b1fa0370699e6d8a3641987a35975db91ad
  SHA512: f13872bfca53638b4fe66e0c867c58feeb2b89c5b73ef4935c116d91cee7135e899558dca4ff5a01b35a033f1db71bef868b146f13da4906f5fb2f9492cf8749