Analysis

- max time kernel: 119s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 10/05/2024, 10:11 UTC
Static task: static1

Behavioral task: behavioral1
  Sample: bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe
  Resource: win10v2004-20240426-en
General

- Target: bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe
- Size: 79KB
- MD5: bfe0b77a44de4bad21c25f744eac5370
- SHA1: 9627a3c75425226d03183675553b087170814968
- SHA256: e17a44fb53ce14974fd699211f5e96d6064589e7ab462a30d567050bf0ca03f4
- SHA512: 01eb8536c801326a0ab30fd29dac210e4b276ceaadea6a102fd0571b92997e6068f53195844f14c3b7e922a249b515cec367765e1988304189c2f9b2e9cbdf2a
- SSDEEP: 1536:zvAGxcVqjZf0T78OQA8AkqUhMb2nuy5wgIP0CSJ+5yCB8GMGlZ5G:zvAGGIfO9GdqU7uy5w9WMyCN5G
Malware Config

Signatures

- Executes dropped EXE (1 IoC)
  pid   Process
  3024  $TMP!10@.COM

- Loads dropped DLL (2 IoCs)
  pid   Process
  2568  cmd.exe
  2568  cmd.exe

- Suspicious use of WriteProcessMemory (8 IoCs)
  description                       pid   Process                                              procid_target
  PID 2400 wrote to memory of 2568  2400  bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe  29
  PID 2400 wrote to memory of 2568  2400  bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe  29
  PID 2400 wrote to memory of 2568  2400  bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe  29
  PID 2400 wrote to memory of 2568  2400  bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe  29
  PID 2568 wrote to memory of 3024  2568  cmd.exe                                              30
  PID 2568 wrote to memory of 3024  2568  cmd.exe                                              30
  PID 2568 wrote to memory of 3024  2568  cmd.exe                                              30
  PID 2568 wrote to memory of 3024  2568  cmd.exe                                              30
Processes

1. C:\Users\Admin\AppData\Local\Temp\bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe"
   - Suspicious use of WriteProcessMemory
   PID: 2400

   2. C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c $TMP!10@.COM
      - Loads dropped DLL
      - Suspicious use of WriteProcessMemory
      PID: 2568

      3. C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM
         Command line: $TMP!10@.COM
         - Executes dropped EXE
         PID: 3024
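The WriteProcessMemory IoC list above is printed as one run-on line with every call logged separately, so the same parent-to-child edge appears four times. The following added example (not part of the sandbox report or of any tool the report was produced by) parses those records, collapses them into counted edges, and walks the writer-to-target edges from the root PID to recover the launch chain that the Processes section shows. The sample input is a constructed copy of the eight records from this page, and the PID-to-image mapping is taken from the Processes section; the regular expression reflects the column order as it appears here and is an assumption about the report layout.

```python
import re
from collections import defaultdict

# Constructed sample: the eight WriteProcessMemory records from the report above,
# one per line instead of the single run-on line the page shows.
IOC_LINES = """\
PID 2400 wrote to memory of 2568 2400 bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe 29
PID 2400 wrote to memory of 2568 2400 bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe 29
PID 2400 wrote to memory of 2568 2400 bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe 29
PID 2400 wrote to memory of 2568 2400 bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe 29
PID 2568 wrote to memory of 3024 2568 cmd.exe 30
PID 2568 wrote to memory of 3024 2568 cmd.exe 30
PID 2568 wrote to memory of 3024 2568 cmd.exe 30
PID 2568 wrote to memory of 3024 2568 cmd.exe 30
"""

# PID -> image name, as listed in the Processes section of the report.
PROCESS_NAMES = {
    2400: "bfe0b77a44de4bad21c25f744eac5370_NeikiAnalytics.exe",
    2568: "cmd.exe",
    3024: "$TMP!10@.COM",
}

# Assumed column order: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
IOC_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_write_events(text):
    """Return a list of (writer_pid, target_pid, writer_image, procid_target)."""
    events = []
    for line in text.splitlines():
        m = IOC_RE.match(line.strip())
        if not m:
            continue  # tolerate header or blank lines
        src, dst, src_again, image, target_id = m.groups()
        if src != src_again:
            raise ValueError(f"writer PID printed twice but differs: {line!r}")
        events.append((int(src), int(dst), image, int(target_id)))
    return events


def build_edges(events):
    """Collapse repeated records into {(writer, target): call_count}."""
    counts = defaultdict(int)
    for src, dst, _image, _tid in events:
        counts[(src, dst)] += 1
    return dict(counts)


def process_chain(edges, root):
    """Follow writer->target edges from root; returns the PIDs in launch order.

    In this report every write goes from a parent into the child it just spawned,
    which is the pattern process creation itself produces. A write into a PID that
    is not a child of the writer would be the case worth treating as injection.
    """
    children = defaultdict(list)
    for src, dst in edges:
        children[src].append(dst)
    chain, seen, cur = [root], {root}, root
    while children.get(cur):
        nxt = children[cur][0]  # the report shows a strictly linear chain
        if nxt in seen:
            break  # guard against a malformed cyclic record set
        chain.append(nxt)
        seen.add(nxt)
        cur = nxt
    return chain


def summarize(text, names):
    """Parse the IoC block and report edge counts plus the named launch chain."""
    events = parse_write_events(text)
    edges = build_edges(events)
    if not edges:
        return {"event_count": 0, "edges": {}, "chain": []}
    targets = {dst for _src, dst in edges}
    root = min(src for src, _dst in edges if src not in targets)  # writer never written to
    chain = process_chain(edges, root)
    return {
        "event_count": len(events),
        "edges": edges,
        "chain": [names.get(pid, f"pid:{pid}") for pid in chain],
    }


if __name__ == "__main__":
    result = summarize(IOC_LINES, PROCESS_NAMES)
    print(result["event_count"], "records ->", result["edges"])
    print(" -> ".join(result["chain"]))
```

Run as-is it reduces the eight records to two edges, (2400, 2568) and (2568, 3024), each seen four times, and names the chain sample -> cmd.exe -> $TMP!10@.COM, matching the Processes tree. Note that the cmd.exe image path in the tree is C:\Windows\SysWOW64\cmd.exe although the command line names C:\Windows\system32\cmd.exe: that is WOW64 file-system redirection, so the sample is running as a 32-bit process on the x64 image, consistent with the arch:x86 resource tag.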
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 79KB
  MD5: 8467b04226385eb1531871552dcb539c
  SHA1: 651ca4279e5021623806438633b1d2072325b49c
  SHA256: ce5237f1a539c54240e3ca9c9d873743475915a488228259eee2b4237468ecf8
  SHA512: b7787dfb30d840da9caeb66775bdab2258776680c7295310cd890fac1a6aacc04095272d54bdd85809eb89f71e8c993dc288e530e46f8e7e42570dbc38e47523