Overview

overview

10

Static

static

1

50720f14e2...cs.exe

windows7-x64

10

50720f14e2...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/05/2024, 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50720f14e255e2cbf86f7fe4a9ade830_NeikiAnalytics.exe

  • Size

    244KB

  • MD5

    50720f14e255e2cbf86f7fe4a9ade830

  • SHA1

    77d15479b2bb561f1d03655d997e99ebae77c5c6

  • SHA256

    9ee6df06890de1a6e0623f9c2f816cb9c093ceefbc9f80b82df70e03f168a1dd

  • SHA512

    10a0420bb8a5bbbcb59376a68d5dd1e15fdf17d6bc20d7df7f121478fcb8be82db4bd3e6a6f3276872a7f490a7be54edfd590c3d48ab0fde13df7bd44cc95cba

  • SSDEEP

    6144:4EXlSylvFuWaS54hIAv/QhuA7HY8pPZ0FP6BzxM5EmX:VAylvv5YRwh9HYd61xhmX

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50720f14e255e2cbf86f7fe4a9ade830_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\50720f14e255e2cbf86f7fe4a9ade830_NeikiAnalytics.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in Windows directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:216
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • Suspicious behavior: EnumeratesProcesses
      PID:1504
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 856
        3⤵
        • Program crash
        PID:1648
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1504 -ip 1504
    1⤵
      PID:4840

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\apppatch\svchost.exe
      Filesize

      244KB

      MD5

      068cfa4c68da1f2bbcef0579309659e5

      SHA1

      5f58787fd61c6e5ea7987560ebd3bd277f0ed98e

      SHA256

      8b4b2e1e9444a376f1fff090508c59775ad7d122bf55fb8e9404d9bb9dd5bc25

      SHA512

      50e5980cb22312a40e7e75a0a1b33df08b5417be3674a275235fd758cca468f7912ed3f0890f5eb9d51c08e4315cbf546eac04ff7948fc4051285ea087bfba72

      Download Submit

    • memory/216-14-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/216-2-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/216-1-0x00000000020D0000-0x0000000002138000-memory.dmp

      Filesize

      416KB

      Download

    • memory/216-0-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/216-13-0x00000000020D0000-0x0000000002138000-memory.dmp

      Filesize

      416KB

      Download

    • memory/1504-15-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/1504-16-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/1504-17-0x00000000027A0000-0x00000000027EA000-memory.dmp

      Filesize

      296KB

      Download

    • memory/1504-18-0x0000000000400000-0x0000000000469000-memory.dmp

      Filesize

      420KB

      Download

    • memory/1504-19-0x0000000002B40000-0x0000000002B98000-memory.dmp

      Filesize

      352KB

      Download

    • memory/1504-23-0x0000000002B40000-0x0000000002B98000-memory.dmp

      Filesize

      352KB

      Download

    • memory/1504-21-0x0000000002B40000-0x0000000002B98000-memory.dmp

      Filesize

      352KB

      Download

    • memory/1504-26-0x0000000002B40000-0x0000000002B98000-memory.dmp

      Filesize

      352KB

      Download