Overview

overview

4

Static

static

1

4d78f381e7...cs.exe

windows7-x64

4

4d78f381e7...cs.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/05/2024, 00:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.exe

  • Size

    1.7MB

  • MD5

    4d78f381e76ec1dbb86034a7750ca7e0

  • SHA1

    6a1cd54850d54c74299f0f98a6eff1fbbedc40a5

  • SHA256

    e6a088d743bab166a9f4ef804eaa559ce2f9d3d7d73b147100d742ce4cf16af0

  • SHA512

    4e76c8649571959d7717faa7ab833df0de0603498f80e01dab92a008bb2aa745be5adce7f7e278751e78d537a35cf2bfc51339a51e9294986f7e30cce91724d8

  • SSDEEP

    24576:c7FUDowAyrTVE3U5F/oOW7izc5GtBbb4vS7g5vVY3BT4lbURP:cBuZrEUrWh5Gjg5dYFvt

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3112
    • C:\Users\Admin\AppData\Local\Temp\is-E9PCU.tmp\4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-E9PCU.tmp\4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.tmp" /SL5="$601EC,837551,832512,C:\Users\Admin\AppData\Local\Temp\4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.exe"
      2⤵
      • Executes dropped EXE
      PID:3272

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-E9PCU.tmp\4d78f381e76ec1dbb86034a7750ca7e0_NeikiAnalytics.tmp
          Filesize

          3.1MB

          MD5

          ae7251007dc9e01a4a70757dceb19034

          SHA1

          130790343b80b1ec68b144ed943357cb7b636062

          SHA256

          5c9fa3e75340669f4670d2ddb8064f74f0304c96d06a62cb716ac60e2b444d2a

          SHA512

          cceaacf154ba6902c9a76a3f84c3472a96b0d8c2e68db6e0100c490c50adad44604a076eeff84a35442b3d1a6bebd1ab2bd24d7d92c741e9e3cd8ca8e545a094

          Download Submit

        • memory/3112-0-0x0000000000400000-0x00000000004D8000-memory.dmp

          Filesize

          864KB

          Download

        • memory/3112-2-0x0000000000401000-0x00000000004B7000-memory.dmp

          Filesize

          728KB

          Download

        • memory/3112-8-0x0000000000400000-0x00000000004D8000-memory.dmp

          Filesize

          864KB

          Download

        • memory/3112-13-0x0000000000400000-0x00000000004D8000-memory.dmp

          Filesize

          864KB

          Download

        • memory/3272-6-0x0000000000400000-0x000000000071C000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/3272-9-0x0000000000400000-0x000000000071C000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/3272-11-0x0000000000400000-0x000000000071C000-memory.dmp

          Filesize

          3.1MB

          Download