Analysis

  • max time kernel: 119s
  • max time network: 120s
  • platform: windows7_x64
  • resource: win7-20240508-en
  • resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted: 12/05/2024, 00:04

General

  • Target: 4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.exe
  • Size: 1.7MB
  • MD5: 4d78f381e76ec1dbb86034a7750ca7e0
  • SHA1: 6a1cd54850d54c74299f0f98a6eff1fbbedc40a5
  • SHA256: e6a088d743bab166a9f4ef804eaa559ce2f9d3d7d73b147100d742ce4cf16af0
  • SHA512: 4e76c8649571959d7717faa7ab833df0de0603498f80e01dab92a008bb2aa745be5adce7f7e278751e78d537a35cf2bfc51339a51e9294986f7e30cce91724d8
  • SSDEEP: 24576:c7FUDowAyrTVE3U5F/oOW7izc5GtBbb4vS7g5vVY3BT4lbURP:cBuZrEUrWh5Gjg5dYFvt

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.exe"
    PID: 1736
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\is-736ES.tmp\4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-736ES.tmp\4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.tmp" /SL5="$4010A,837551,832512,C:\Users\Admin\AppData\Local\Temp\4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.exe"
      PID: 1696
      • Executes dropped EXE
      • Modifies system certificate store

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 306eaed60ab99a14d9786c7679fde764
    SHA1: fb80709eb61559d976608fc6f8fcfd9b66c10945
    SHA256: bc45f5733b33df730bfc0d3442114d6f8315cc8ef17c6a666c0d59b481b438d5
    SHA512: f6e2513257e525e6be6ebd448dcb323bc7729110e0b5860311817fe9cbe5999c59d8a9883e4c2e3af1f674bf88832c202397b779f405f45378781c7f72180eee

  • C:\Users\Admin\AppData\Local\Temp\Cab393B.tmp
    Filesize: 68KB
    MD5: 29f65ba8e88c063813cc50a4ea544e93
    SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
    SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
    SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar395D.tmp
    Filesize: 177KB
    MD5: 435a9ac180383f9fa094131b173a2f7b
    SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
    SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
    SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • \Users\Admin\AppData\Local\Temp\is-736ES.tmp\4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.tmp
    Filesize: 3.1MB
    MD5: ae7251007dc9e01a4a70757dceb19034
    SHA1: 130790343b80b1ec68b144ed943357cb7b636062
    SHA256: 5c9fa3e75340669f4670d2ddb8064f74f0304c96d06a62cb716ac60e2b444d2a
    SHA512: cceaacf154ba6902c9a76a3f84c3472a96b0d8c2e68db6e0100c490c50adad44604a076eeff84a35442b3d1a6bebd1ab2bd24d7d92c741e9e3cd8ca8e545a094

  • memory/1696-8-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize: 3.1MB

  • memory/1696-121-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize: 3.1MB

  • memory/1696-123-0x0000000000400000-0x000000000071C000-memory.dmp
    Filesize: 3.1MB

  • memory/1736-0-0x0000000000400000-0x00000000004D8000-memory.dmp
    Filesize: 864KB

  • memory/1736-2-0x0000000000401000-0x00000000004B7000-memory.dmp
    Filesize: 728KB

  • memory/1736-120-0x0000000000400000-0x00000000004D8000-memory.dmp
    Filesize: 864KB

  • memory/1736-125-0x0000000000400000-0x00000000004D8000-memory.dmp
    Filesize: 864KB