fa6194fc58206b266710e7c61ebb075a825783f4faac73cd9ae33382418fb06d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 16:22

Target

1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe
Size

1.6MB
MD5

1e8ba979692b82dfc60beb4294518bc0
SHA1

8666f06e44f459368c598ca36a999e4bad33cc78
SHA256

fa6194fc58206b266710e7c61ebb075a825783f4faac73cd9ae33382418fb06d
SHA512

ca2bb583ad354fd433b056228c159f531a172bd3877d355d136bdff91701d8c30cc55c5ea8ac34437ca2abaef044b061eab2f9e2f66296830d4fdfb5744fdb57
SSDEEP

24576:18+KpPiPE/mN/yhYqnbBkH2DG+d/L2D5nC4FsrBKHEGM6N8HrnYuXgS4xs78aPu+:GD+N/ybqwGGaD5npVSLYV7aPu+VS12L

Score

7^/10

Executes dropped EXE 2 IoCs

pid	Process
2992	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics_L8YCRwwQmxac.exe
2724	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics_L8YCRwwQmxac.exe

Loads dropped DLL 4 IoCs

pid	Process
2980	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe
2980	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe
2980	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe
2980	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
2980	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe
2980	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe
2980	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe
2980	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe
2980	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe
2992	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics_L8YCRwwQmxac.exe
2992	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics_L8YCRwwQmxac.exe
2992	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics_L8YCRwwQmxac.exe
2992	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics_L8YCRwwQmxac.exe
2992	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics_L8YCRwwQmxac.exe
2724	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics_L8YCRwwQmxac.exe
2724	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics_L8YCRwwQmxac.exe
2724	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics_L8YCRwwQmxac.exe
2724	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics_L8YCRwwQmxac.exe
2724	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics_L8YCRwwQmxac.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2992	2980	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe	28
PID 2980 wrote to memory of 2992	2980	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe	28
PID 2980 wrote to memory of 2992	2980	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe	28
PID 2980 wrote to memory of 2992	2980	1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics.exe	28

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\xxserver.db

Filesize
46B

MD5
91ee368f2c0a015b789e7c4750e38dfc

SHA1
f99da70b95c5db042ae2e54349a770777135d8ca

SHA256
b2b68a951726f8f42241a24e0977ea3dcde13ee6df6aba605ff6b3355c9dae62

SHA512
8102ca679f299534d96803d27b5dc7f45603abdcea74135eea56f4355e9f90ad11be50568ecc617285af22f3c5c52fc2bbfce4d810000961eb84e8d1adab8859

Download Submit
\Users\Admin\AppData\Local\1e8ba979692b82dfc60beb4294518bc0_NeikiAnalytics_L8YCRwwQmxac.exe

Filesize
1.6MB

MD5
e9e9501345dcab134b29e30a2c49a7d3

SHA1
f104754dabc2f3a723ed412e51628bd2afc9dab2

SHA256
6414b0fe9cf64feebab586d13733660859f5bdbb1fceefa516c041c85af5b3f1

SHA512
d19cce63f61c56c16081c31bff10297ddc5ada38ac70bfaaee7e86846de88277bd7de3f9f20623c4b1489834ce4a42e4a4b8e5ee33e2a0241a170ad6f9de9bad

Download Submit