Analysis

  • max time kernel
    145s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/05/2024, 03:48

General

  • Target

    65a7db81f2d074d4bee3961b2cd000e0_NeikiAnalytics.exe

  • Size

    3.1MB

  • MD5

    65a7db81f2d074d4bee3961b2cd000e0

  • SHA1

    4817f10eb3f70a52f23cdcb5c45b162c53576c65

  • SHA256

    13c3072449458dac2e4378cf22fd4cc176a1663946ce65424f5bbec4bfcba25b

  • SHA512

    edafe019bf6c84aa3f0708aea0b28225cce30227bd47e97ab76cce59e7fa18d749e72401c02bf1f3a2bf62c17d5c18700f8933ae199b6f54d889e090cff43440

  • SSDEEP

    49152:4/yYSgCKNG43CXiKqse3pKfiYrObSDM+GZmT3hdp8JA/h3XLBq3HOQOC:2yYSIoXib3pKfi7cM+GGAi/hXW

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65a7db81f2d074d4bee3961b2cd000e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\65a7db81f2d074d4bee3961b2cd000e0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 C:\Users\Admin\AppData\Local\Temp\inetsvr.inf
      2⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2936
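
The process tree above shows the sample proxying an INF install through rundll32.exe (setupapi!InstallHinfSection, ATT&CK T1218.011 Rundll32) using an INF it wrote to its own %TEMP% directory, a command line that is easy to hunt for in process-creation telemetry. The Python below is an added example, not part of this report or of the sample: it scans process-creation events for that command line and flags INFs that live outside %SystemRoot%\INF, and it walks an INF's DefaultInstall section to list AddReg entries that land under a Run/RunOnce key. The event records and the INF text are constructed for the example; the INF is not the 483-byte inetsvr.inf from this report, whose contents are not shown.

```python
"""Hunt rundll32/setupapi INF installs and resolve the Run keys an INF would write.
Added example; the events and INF below are constructed, not taken from the report."""
import re
from pathlib import PureWindowsPath

# Constructed process-creation events (shape of Sysmon EID 1 / 4688). The first
# mirrors the report's child process; the others show a benign system INF and a
# different rundll32 export, to exercise the matcher.
SAMPLE_EVENTS = [
    {"pid": 2936, "ppid": 2968, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmd": r"rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 C:\Users\Admin\AppData\Local\Temp\inetsvr.inf"},
    {"pid": 4100, "ppid": 700, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r'RUNDLL32.EXE SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 "C:\Windows\INF\printer.inf"'},
    {"pid": 4200, "ppid": 700, "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"},
]

# rundll32 setupapi[.dll],InstallHinfSection <section> <reboot-flags> <inf-path>
INSTALLHINF_RE = re.compile(
    r"""setupapi(?:\.dll)?\s*,\s*InstallHinfSection\s+
        (?P<section>\S+)\s+(?P<flags>\d+)\s+
        (?P<inf>"[^"]+"|\S+)""", re.IGNORECASE | re.VERBOSE)

# Heuristic: INFs under these trees are attacker-writable; real driver/setup INFs
# normally live in %SystemRoot%\INF.
USER_WRITABLE = ("users", "programdata", "temp")


def find_inf_installs(events):
    """Return (event, section, inf_path, suspicious) for each rundll32 InstallHinfSection call."""
    hits = []
    for ev in events:
        if PureWindowsPath(ev["image"]).name.lower() != "rundll32.exe":
            continue
        m = INSTALLHINF_RE.search(ev["cmd"])
        if not m:
            continue
        inf = PureWindowsPath(m.group("inf").strip('"'))
        parts = [p.lower() for p in inf.parts]
        suspicious = any(tag in parts for tag in USER_WRITABLE)
        hits.append((ev, m.group("section"), str(inf), suspicious))
    return hits


# Constructed INF showing the DefaultInstall -> AddReg -> Run key chain.
SAMPLE_INF = r"""
[Version]
Signature="$CHICAGO$"

[DefaultInstall]
AddReg=RunKey
CopyFiles=Bin

[RunKey]
HKCU,Software\Microsoft\Windows\CurrentVersion\Run,svc,,"%11%\rundll32.exe %16410%\svc.dll,Start"
HKLM,Software\Microsoft\Windows\CurrentVersion\RunOnce,svc1,,"C:\Users\Admin\AppData\Local\Temp\svc.exe"

[Bin]
svc.dll
"""

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once|Services|OnceEx)?$", re.IGNORECASE)


def parse_inf(text):
    """Minimal INF reader: {section (lowercase): [lines]}. Strips ';' comments; does not
    handle a ';' inside a quoted value, which is rare in practice."""
    sections, cur = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1].lower()
            sections.setdefault(cur, [])
        elif cur is not None:
            sections[cur].append(line)
    return sections


def run_keys_from_inf(text, section="DefaultInstall"):
    """Follow AddReg= in the install section; return (hive, subkey, value_name, data)
    for entries under a Run/RunOnce key. AddReg lines are: root,subkey,name,flags,value."""
    inf = parse_inf(text)
    found = []
    for directive in inf.get(section.lower(), []):
        key, _, val = directive.partition("=")
        if key.strip().lower() != "addreg":
            continue
        for reg_section in (s.strip().lower() for s in val.split(",")):
            for entry in inf.get(reg_section, []):
                fields = [f.strip() for f in entry.split(",", 4)]  # keep commas in the value
                if len(fields) < 2 or not RUN_KEY_RE.search(fields[1]):
                    continue
                name = fields[2] if len(fields) > 2 else ""
                data = fields[4].strip('"') if len(fields) > 4 else ""
                found.append((fields[0].upper(), fields[1], name, data))
    return found


if __name__ == "__main__":
    for ev, sec, inf, sus in find_inf_installs(SAMPLE_EVENTS):
        print(f"pid {ev['pid']}: InstallHinfSection {sec} from {inf} suspicious={sus}")
    for entry in run_keys_from_inf(SAMPLE_INF):
        print("Run key entry:", entry)
```

The path heuristic is deliberately loose (a legitimate installer can also run an INF from %TEMP%), so treat a hit as a pivot to the INF's contents rather than a verdict; the second function is what you would run on the recovered INF to see what DefaultInstall actually writes.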

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\inetsvr.inf

          Filesize

          483B

          MD5

          39bbd68eab1ec0dc97f0e4c5dcf91e33

          SHA1

          87bb0e51b99a20c6293b3cf3ea3bc343103abc0c

          SHA256

          992c1d756b74c2ecd339db76788d6a045a99ae5e5c982a5d8dfe1d9dc9ac87c6

          SHA512

          b16f8005cc7d24f768644911ae6de28f9937219a68286e83fd70f48802991296addcf97f9607071d7e2a2d8f261426a4287014350e75e486334e6896b2c1f0fc

        • \Users\Admin\AppData\Local\Temp\HPSocket4C.dll

          Filesize

          2.8MB

          MD5

          8430b540f961d9268b004929931aeb8c

          SHA1

          b306b1421b25ea019abd0fd849b64fdadf5bbd01

          SHA256

          33d2dfd87f6520428f7c24bcb64032be2cf97ecadcf2ee5530ca21a5d213be51

          SHA512

          da6fda11b945504eb388e2314d318c795eb5317898c80f367d876a32349b210c2471bf16259044bbe60fccd99334b719aaac5fe67698cb8a305b91f5f8d9ad4d

        • memory/2968-0-0x0000000000390000-0x0000000000391000-memory.dmp

          Filesize

          4KB