Analysis
- max time kernel: 94s
- max time network: 96s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-05-2024 10:16
Static task: static1
Behavioral task: behavioral1
- Sample: c0ff4989f218ef837d79911b75959fd0_NeikiAnalytics.exe
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: c0ff4989f218ef837d79911b75959fd0_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: c0ff4989f218ef837d79911b75959fd0_NeikiAnalytics.exe
- Size: 79KB
- MD5: c0ff4989f218ef837d79911b75959fd0
- SHA1: cf8ff821c442cb8aae4a7390accad34393b3776c
- SHA256: eb4cc01f131977fff0be14e66b08489cace53097c1bc787d457b8a023c6e4772
- SHA512: f0999c245d9e9063d8ee3c15d05c8d920226e1b9457fa5475e027af58dc980571626a25aed206c4ab6cce42b4c1339c944fb3ea59b7ea6c5b52d19d6f0a691af
- SSDEEP: 1536:zvnfrqeU8YiFslOQA8AkqUhMb2nuy5wgIP0CSJ+5y5B8GMGlZ5G:zvnfmx8FFs8GdqU7uy5w9WMy5N5G
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid 4204, Process [email protected]
- Suspicious use of WriteProcessMemory (6 IoCs)
  description                        pid   Process                                               procid_target
  PID 3140 wrote to memory of 456    3140  c0ff4989f218ef837d79911b75959fd0_NeikiAnalytics.exe   83
  PID 3140 wrote to memory of 456    3140  c0ff4989f218ef837d79911b75959fd0_NeikiAnalytics.exe   83
  PID 3140 wrote to memory of 456    3140  c0ff4989f218ef837d79911b75959fd0_NeikiAnalytics.exe   83
  PID 456 wrote to memory of 4204    456   cmd.exe                                               84
  PID 456 wrote to memory of 4204    456   cmd.exe                                               84
  PID 456 wrote to memory of 4204    456   cmd.exe                                               84
Processes
- C:\Users\Admin\AppData\Local\Temp\c0ff4989f218ef837d79911b75959fd0_NeikiAnalytics.exe (PID 3140)
  command line: "C:\Users\Admin\AppData\Local\Temp\c0ff4989f218ef837d79911b75959fd0_NeikiAnalytics.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (PID 456)
    - C:\Users\Admin\AppData\Local\Temp\[email protected] (PID 4204)
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: da7ee1bd8a4b59a09f3f8d50cd879d0a
  SHA1: 6dcf9e8cd42bec2418d72561289bf155f24130c7
  SHA256: 393dcd2358c78d5420fd8ae4173a702569355bba60cea757c8ac895d8ebbda96
  SHA512: 3fb371cd4f228e7554e8d3dcb938a10ca757217bc74ef269a01b91b6249cbcd505c10461141ecaf0d9beba7a9554958e23e1280ce120c8aaacefc62990e989e7