Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-05-2024 07:57

General

  • Target

    a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe

  • Size

    31KB

  • MD5

    a39e1a28588956a1ee67941f94f02120

  • SHA1

    3e12ac7e54f66be19ddf6cca0d42fa3a88dacbd6

  • SHA256

    f27a6561d3af1e7cb3e7377f63a112eb13c4eb5052a6a36ff1f5c97f96479a6a

  • SHA512

    2a7718a9c2b43b96a7667361bb3616b393282e068f7b677a456944570bf313f79a623f1d122f6a3669e66301ac2bd90b0d01c15a9d3058ce228299b3ff3a7d44

  • SSDEEP

    768:/qPJtHA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhq:/qnA6C1VqaqhtgVRNToV7TtRu8rM0wYK

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Drops file in Windows directory (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2776

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\microsofthelp.exe

    Filesize

    31KB

    MD5

    e186b4ab84e3888275c53a5ccb351cd9

    SHA1

    3421124e76653a12e66c326534dc8dbd78452119

    SHA256

    d4c1c964ad15df96c0017d85ca87874dae82dceed16f2e7fd1a19cb5a69d74ed

    SHA512

    af8c8357660e91ac8e6392ecda48b8292d2301c2071ff4536f4d90aea83479b1076acf29f8914a09cb54f8c8d1c8e7c41183d0a76db0aabaf244c78ad8c57e8f

  • memory/1756-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

  • memory/2776-7-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB
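The behaviour chain above (dropper in %TEMP% writes microsofthelp.exe directly under C:\Windows, sets a Run key, launches the copy, and the copy deletes the original) is what a detection engineer would turn into host rules. Note also that the dropped file is 31KB like the submitted sample but carries different hashes (MD5 e186b4... versus a39e1a...), so matching only the submitted sample's hashes will miss the persisted copy. The following is an added example, not code from the report or from the sandbox vendor: it encodes the four signatures as rules over constructed Sysmon-style events (Event ID 1 process create, 11 file create, 13 registry value set, 23 file delete, with Sysmon's field names) shaped after the process tree above. The Run-key value name `microsofthelp`, the explorer.exe parent of the dropper, and the short allow-list of processes permitted to write under C:\Windows are assumptions for the example; the report does not state them.

```python
"""Host-detection rules for the sandbox report above.

Added example, not the report's or the sandbox's own code. All events
below are constructed sample input; the Run-key value name and the
allow-list of trusted C:\\Windows writers are assumptions.
"""
import hashlib

# Indicators copied from the report (the dropped, persisted copy).
DROPPED_PATH = r"C:\Windows\microsofthelp.exe"
DROPPED_HASHES = {
    "md5": "e186b4ab84e3888275c53a5ccb351cd9",
    "sha1": "3421124e76653a12e66c326534dc8dbd78452119",
    "sha256": "d4c1c964ad15df96c0017d85ca87874dae82dceed16f2e7fd1a19cb5a69d74ed",
}
ORIG = r"C:\Users\Admin\AppData\Local\Temp\a39e1a28588956a1ee67941f94f02120_NeikiAnalytics.exe"

WIN_ROOT = "c:\\windows\\"
# Assumption: a deliberately short allow-list; tune per estate.
TRUSTED_WINDOWS_WRITERS = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\msiexec.exe",
}


def file_hashes(data: bytes) -> dict:
    """Hash file bytes the way the report lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_known_dropper_payload(data: bytes) -> bool:
    """True only when every listed digest matches (one match is a lookup,
    not a verification, so demand all three)."""
    h = file_hashes(data)
    return all(h[k] == v for k, v in DROPPED_HASHES.items())


def in_windows_root(path: str) -> bool:
    """File placed directly under C:\\Windows, not in a subdirectory."""
    p = path.lower()
    return p.startswith(WIN_ROOT) and "\\" not in p[len(WIN_ROOT):]


def is_run_key(target: str) -> bool:
    """Sysmon writes HKLM\\... and HKU\\<SID>\\...; this matches both Run keys."""
    return "\\currentversion\\run\\" in target.lower()


def classify(events: list) -> dict:
    """Apply the four behaviour rules; returns {rule: [ProcessId, ...]}.

    Rules 1-3 are single-event. Rule 4 (the "Deletes itself" signature)
    correlates a file delete with the deleting process's own create
    event: a child removing its parent's image from disk. PIDs recycle;
    a production pipeline would key on ProcessGuid instead.
    """
    hits = {"drops_file_in_windows_root": [], "executes_dropped_exe": [],
            "run_key_to_dropped_exe": [], "child_deletes_parent_image": []}
    parent_of = {e["ProcessId"]: e["ParentImage"].lower()
                 for e in events if e["EventID"] == 1}
    dropped = set()  # paths written to the Windows root, for rules 2 and 3
    for e in events:
        eid, img, pid = e["EventID"], e["Image"].lower(), e["ProcessId"]
        if (eid == 11 and in_windows_root(e["TargetFilename"])
                and img not in TRUSTED_WINDOWS_WRITERS):
            hits["drops_file_in_windows_root"].append(pid)
            dropped.add(e["TargetFilename"].lower())
        elif eid == 1 and img in dropped:
            hits["executes_dropped_exe"].append(pid)
        elif (eid == 13 and is_run_key(e["TargetObject"])
                and e["Details"].lower().strip('"') in dropped):
            hits["run_key_to_dropped_exe"].append(pid)
        elif eid == 23 and e["TargetFilename"].lower() == parent_of.get(pid):
            hits["child_deletes_parent_image"].append(pid)
    return hits


# Constructed sample log mirroring the process tree in the report.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1756, "Image": ORIG,
     "ParentImage": r"C:\Windows\explorer.exe"},          # parent assumed
    {"EventID": 11, "ProcessId": 1756, "Image": ORIG,
     "TargetFilename": DROPPED_PATH},
    {"EventID": 13, "ProcessId": 1756, "Image": ORIG,     # value name assumed
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsofthelp",
     "Details": DROPPED_PATH},
    {"EventID": 1, "ProcessId": 2776, "Image": DROPPED_PATH, "ParentImage": ORIG},
    {"EventID": 23, "ProcessId": 2776, "Image": DROPPED_PATH, "TargetFilename": ORIG},
    # Benign noise: a trusted service writing under C:\Windows must not fire.
    {"EventID": 11, "ProcessId": 900, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\WindowsUpdate.log"},
]

if __name__ == "__main__":
    for rule, pids in classify(SAMPLE_EVENTS).items():
        print(f"{rule:30s} {pids}")
```

Rule 4 is the one worth keeping even outside this sample: a freshly created process deleting the executable of its own parent is rare in legitimate software and is the generic form of the "Deletes itself" signature, independent of the path or hash of any particular dropper.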