Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
11-05-2024 07:57
Static task
static1
Behavioral task
behavioral1
Sample
a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe
-
Size
31KB
-
MD5
a39e1a28588956a1ee67941f94f02120
-
SHA1
3e12ac7e54f66be19ddf6cca0d42fa3a88dacbd6
-
SHA256
f27a6561d3af1e7cb3e7377f63a112eb13c4eb5052a6a36ff1f5c97f96479a6a
-
SHA512
2a7718a9c2b43b96a7667361bb3616b393282e068f7b677a456944570bf313f79a623f1d122f6a3669e66301ac2bd90b0d01c15a9d3058ce228299b3ff3a7d44
-
SSDEEP
768:/qPJtHA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhq:/qnA6C1VqaqhtgVRNToV7TtRu8rM0wYK
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2776 microsofthelp.exe -
Executes dropped EXE 1 IoCs
pid Process 2776 microsofthelp.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\microsofthelp = "C:\\Windows\\microsofthelp.exe" a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\microsofthelp.exe a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1756 wrote to memory of 2776 1756 a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe 28
PID 1756 wrote to memory of 2776 1756 a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe 28
PID 1756 wrote to memory of 2776 1756 a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe 28
PID 1756 wrote to memory of 2776 1756 a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe" 1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1756 -
C:\Windows\microsofthelp.exe "C:\Windows\microsofthelp.exe" 2⤵
- Deletes itself
- Executes dropped EXE
PID:2776
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
31KB
MD5 e186b4ab84e3888275c53a5ccb351cd9
SHA1 3421124e76653a12e66c326534dc8dbd78452119
SHA256 d4c1c964ad15df96c0017d85ca87874dae82dceed16f2e7fd1a19cb5a69d74ed
SHA512 af8c8357660e91ac8e6392ecda48b8292d2301c2071ff4536f4d90aea83479b1076acf29f8914a09cb54f8c8d1c8e7c41183d0a76db0aabaf244c78ad8c57e8f