Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-05-2024 11:46
Static task: static1
Behavioral task: behavioral1
  Sample: d6316aed11355d79b27b2cb465e38190_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: d6316aed11355d79b27b2cb465e38190_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: d6316aed11355d79b27b2cb465e38190_NeikiAnalytics.exe
Size: 79KB
MD5: d6316aed11355d79b27b2cb465e38190
SHA1: addd62bff1c97a4a354789e44286c9db386f72d5
SHA256: a9b1a61837a00fb89d6fca1f54ac163c0eb3a9ecb70368b7bd1c5af51bdba98c
SHA512: 0ae93f82baa754817150106f5dbf8123ff4684716634093ecfd32aff18aa9499160487ec1311bee2b020df172ee64512591622603cd1c2d3eeeb5f6a133eab7f
SSDEEP: 1536:zvANfA7voIfaFOQA8AkqUhMb2nuy5wgIP0CSJ+5yCB8GMGlZ5G:zvANfvi9GdqU7uy5w9WMyCN5G
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  996   [email protected]
Suspicious use of WriteProcessMemory (6 IoCs)
  description                  pid   Process                                                 procid_target
  PID 4380 wrote to memory of 3412   4380  d6316aed11355d79b27b2cb465e38190_NeikiAnalytics.exe   83
  PID 4380 wrote to memory of 3412   4380  d6316aed11355d79b27b2cb465e38190_NeikiAnalytics.exe   83
  PID 4380 wrote to memory of 3412   4380  d6316aed11355d79b27b2cb465e38190_NeikiAnalytics.exe   83
  PID 3412 wrote to memory of 996    3412  cmd.exe                                                84
  PID 3412 wrote to memory of 996    3412  cmd.exe                                                84
  PID 3412 wrote to memory of 996    3412  cmd.exe                                                84
Processes
C:\Users\Admin\AppData\Local\Temp\d6316aed11355d79b27b2cb465e38190_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\d6316aed11355d79b27b2cb465e38190_NeikiAnalytics.exe"
  PID: 4380
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\cmd.exe
    PID: 3412
    C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 996
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: b1a3a9fae907e27bf8df6bff9e2f5975
  SHA1: 4df4f0909a15b78a5af49590bfc357210fd22a28
  SHA256: a5013bc93ba28558b0ec4c2192d610cc4fc4b76a8a05e39d685c36a6a0562275
  SHA512: 2a06db1bacb91537cf3a4b5f3e95e8d620280972b16655f1c0b9083883f26ac0b918fead0f30eb0d41b1fd0c8a0a30f4e25f123f0f19e5b8942190c087a59728