Overview

overview

7

Static

static

3

e8264ae87c...cs.exe

windows7-x64

7

e8264ae87c...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 13:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e8264ae87c0eb12551637dee818e4900_NeikiAnalytics.exe

  • Size

    6.0MB

  • MD5

    e8264ae87c0eb12551637dee818e4900

  • SHA1

    f44e76e762a8c44c47204bd4476a2e03e184eeff

  • SHA256

    c8510a3cda540824948abee30fcf2fc6923ee3864159475d16dc7395a8cd473f

  • SHA512

    8cf3a42e9148c50cdeb1e870085c7a004ad0ce0f360d2775464ef36becc482a01acb498c06cb6fe356a85aafa7fd0e08f34a817fdfd70d8af70ff5c09fd80151

  • SSDEEP

    98304:emhd1UryewpoevGeuV7wQqZUha5jtSyZIUS:elQpHv7u2QbaZtlir

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8264ae87c0eb12551637dee818e4900_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e8264ae87c0eb12551637dee818e4900_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Users\Admin\AppData\Local\Temp\A322.tmp
      "C:\Users\Admin\AppData\Local\Temp\A322.tmp" --splashC:\Users\Admin\AppData\Local\Temp\e8264ae87c0eb12551637dee818e4900_NeikiAnalytics.exe 135CE8F1AC96129C93677648F04C4832C7BA5BEA65A94C4E67B9C965D78171A8C941C20097A71A9942AD9C7ED7436BB9C6EE302E2684DB4D47CD4AC79AE2110B
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A322.tmp
    Filesize

    5.9MB

    MD5

    4ba2115f840a9ebfec3f69ba18072d81

    SHA1

    c45eb6486b2131e063dc47f1028597ffbbbfff20

    SHA256

    46b7265a9463b817a6babfe4d4d948f52d02c8e0902180a1ef417efeb8163330

    SHA512

    3878220f5663640f0eba11f878a729aed28d82eac4243702bed4b6c1520b4b7b18b6a1413952bffc2090c1e01ed8529786922e181d84e8a538fb22adbe88e181

    Download Submit

  • \Users\Admin\AppData\Local\Temp\A322.tmp
    Filesize

    6.0MB

    MD5

    c20f6abd9a55b621687f73220320278e

    SHA1

    252a058ff0dc6f02cd045d4805c93f0e6bc453c1

    SHA256

    2805fc663a45905e0be51f4b7b9da1a1bd3f1c0f19691bb4a370454966d45b95

    SHA512

    553cde620f8622de74491b2bfc85012eb18bb0521fa637f561bb0dc472d3575aaf1c89804e73809899a748d38e8af3d24648dc29aa44b35461b47d4375f8e347

    Download Submit

  • memory/2444-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/2856-9-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download