Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
11/05/2024, 01:23
General
-
Target
4a672fcb6035a7f13a6e7cfb56653f30_NeikiAnalytics.exe
-
Size
131KB
-
MD5
4a672fcb6035a7f13a6e7cfb56653f30
-
SHA1
69eeff64d2b2f33740ef9b02b257cffbd036f717
-
SHA256
2b7a424f64efc23ed93e6a6454203cdd829a6214a53c68611ac26aaf3e392c15
-
SHA512
c46bbd4a05444d5f1cd8a9ef212dbf85f5bf22e007e43098dcf67f056c8450b9111ba9094a29d2d7126be77d899f76ea81748653d21089122e7ac95cdb01a807
-
SSDEEP
3072:ZVMfMIbIaw3J90/LfD/Q+BC3K5eqU+BC3K5eqYroGIkToBN:kfMmMmXgK70K79B
Score
8/10
Malware Config
Signatures
-
Modifies AppInit DLL entries 2 TTPs
-
Executes dropped EXE 1 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4a672fcb6035a7f13a6e7cfb56653f30_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4a672fcb6035a7f13a6e7cfb56653f30_NeikiAnalytics.exe"1⤵
- Drops file in Program Files directory
-
C:\Windows\system32\taskeng.exetaskeng.exe {4D1A0ED2-23EE-4CE0-9887-94F1AC1742FE} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\PROGRA~3\Mozilla\eccstpf.exeC:\PROGRA~3\Mozilla\eccstpf.exe -ufgsyxd2⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
131KB
MD5cc08f17f5244e15d8fae097825b9a5ec
SHA185192a2c10f16094c38d216d49c46a4ee5ec3b96
SHA2569ab079cfa29472e3fe3bb97b325e9a55d95bf54b70e61882b4431d8a860954fe
SHA512d647976053f5e66ad56f6ec3a3e169e8fd44c8ec92df7e4deba37e8232481eb846459cc8721e60c2f529d3c087c40b2d187cec7896a500b17b6491e6d881a6f5