Overview

overview

7

Static

static

3

3a6c01c2d8...cs.exe

windows7-x64

7

3a6c01c2d8...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    11/05/2024, 21:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a6c01c2d85f0945f88c7464c80ee550_NeikiAnalytics.exe

  • Size

    223KB

  • MD5

    3a6c01c2d85f0945f88c7464c80ee550

  • SHA1

    4cbf27e574d88598c813e4538c72bb2ef73fa7c4

  • SHA256

    66aa7481522c526d8aaca6ec02f05d15bc324207791b42580f92a0142ede4393

  • SHA512

    ff811627364ca9c60204d55165d2802d775a752ba566939d55500303e228b1425ca330a94b0250bd67125fcfce518d79658a757f7577642b7c4ec6fc0cf7beee

  • SSDEEP

    3072:74G/rq0uNnmIJPld3kFkbENgscfL8QtX56hC22LLpPg7yLg9EPJxK5fOUqiz5ebq:8mIvdclcLh5ujQ+/6KRDMWP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a6c01c2d85f0945f88c7464c80ee550_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3a6c01c2d85f0945f88c7464c80ee550_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Users\Admin\AppData\Local\Temp\3a6c01c2d85f0945f88c7464c80ee550_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\3a6c01c2d85f0945f88c7464c80ee550_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\3a6c01c2d85f0945f88c7464c80ee550_NeikiAnalytics.exe
    Filesize

    223KB

    MD5

    2a8516ac6eba47b6e46992a1d995cdca

    SHA1

    ab653bb845bf8b4d6d66a95963a31ac4e112c1b5

    SHA256

    18e4db09e583990d272abf6cf1c9879bb34f25bfffb19f2fea1b3aaa42e753dc

    SHA512

    38de098c737135e3b794d38998e427c202cccbe31b97e7a35452607490ae5ff39ee8ec06e52b5287dd402011ccd50803183ba698fa423ae8ee462acd17ff527a

    Download Submit

  • memory/2080-11-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2080-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2080-17-0x00000000001F0000-0x0000000000236000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2080-18-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2428-0-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2428-6-0x00000000001C0000-0x0000000000206000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2428-10-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download