Analysis

  • max time kernel
    125s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-05-2024 12:06

General

  • Target

    09a0cc44c06337c2231e7f12515db970_NeikiAnalytics.exe

  • Size

    78KB

  • MD5

    09a0cc44c06337c2231e7f12515db970

  • SHA1

    2e566e47745a021fbdb8178c9d4b0dc833e9bbcb

  • SHA256

    54213e65273fb7ccb8932f74f972ea7bf0bfdd357411ffcc34a292652e7f92ee

  • SHA512

    8ab96a1a92d654fbfbbc016d70be16bd85c163c90a18dbad8d77635a91e7c32701c6adba4d8a6e2a8a689759d03fab6602ad538cf3fce5b041d6aac336d2e6d8

  • SSDEEP

    1536:nLNIW39SaZTbFARlq7jC1OZstZu0TS3gEdUJCkb0FGI:nLlbZTZX3BAtTS3gEdUJCkb0FGI

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely a geofence check (the sample decides whether to run based on the victim's locale).

  • Executes dropped EXE 1 IoCs

    The sample writes C:\ProgramData\Graphics\guifx.exe and launches it with the /run argument (PID 3048 below). The dropped file is the same size as the submitted sample (78KB) but has different hashes, so it is not a byte-identical copy.

  • Adds Run key to start application 2 TTPs 1 IoCs

    The parent process (PID 2804) writes a Run key for persistence at logon. The report does not show the key name or value, so the persisted path is not confirmed on this page.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

    Attributed to the parent process (PID 2804) only; the page does not identify which process was written to.

Processes

  • C:\Users\Admin\AppData\Local\Temp\09a0cc44c06337c2231e7f12515db970_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\09a0cc44c06337c2231e7f12515db970_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\ProgramData\Graphics\guifx.exe
      "C:\ProgramData\Graphics\guifx.exe" /run
      2⤵
      • Executes dropped EXE
      PID:3048
    • C:\windows\SysWOW64\cmd.exe
      "C:\windows\system32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\09a0cc44c06337c2231e7f12515db970_NeikiAnalytics.exe" >> NUL
      2⤵
      PID:4524
      (Self-deletion of the original dropper, with output discarded to NUL. The command line names system32\cmd.exe but the image that ran is SysWOW64\cmd.exe: the sample is 32-bit and WOW64 file-system redirection maps its system32 reference to SysWOW64. Detection rules that match on the on-disk image path must account for this.)
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4184,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:8
    1⤵
    PID:3012
    (Top-level Edge utility process, not a child of the sample; the report does not show it interacting with the sample.)
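The three behaviours visible in the tree above (a binary in %TEMP% launching a dropped executable from C:\ProgramData, a cmd.exe child deleting its parent's image, and the WOW64 system32 to SysWOW64 redirection of that cmd.exe) can be turned into process-creation detection logic. The block below is an added example written for this page, not tria.ge code or output: the records are constructed to mirror the tree above in Sysmon Event ID 1 style (the parent PIDs 1000 and 900 and the abbreviated msedge command line are assumptions), and the rule names are invented here.

```python
"""Process-creation detections modelled on the tree in this report.

Example added to this page; not sandbox output. Records are constructed.
"""
import ntpath
import re

SAMPLE = "09a0cc44c06337c2231e7f12515db970_NeikiAnalytics.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_PATH = TEMP + "\\" + SAMPLE
DROPPED = r"C:\ProgramData\Graphics\guifx.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed records shaped like Sysmon Event ID 1 fields. PIDs and paths
# are taken from the report's tree; ppid 1000 / 900 are assumed placeholders.
EVENTS = [
    {"pid": 2804, "ppid": 1000, "image": SAMPLE_PATH,
     "cmdline": '"' + SAMPLE_PATH + '"'},
    {"pid": 3048, "ppid": 2804, "image": DROPPED,
     "cmdline": '"' + DROPPED + '" /run'},
    {"pid": 4524, "ppid": 2804, "image": r"C:\windows\SysWOW64\cmd.exe",
     "cmdline": r'"C:\windows\system32\cmd.exe" /c del /q "' + SAMPLE_PATH + '" >> NUL'},
    {"pid": 3012, "ppid": 900, "image": EDGE,
     "cmdline": '"' + EDGE + '" --type=utility'},
]

# Directories a standard user can write to; a binary executing from here
# that was started by another binary from here is worth flagging.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")

# "del" followed by a quoted path (the deletion target).
DEL_RE = re.compile(r'\bdel\b[^"]*"([^"]+)"', re.IGNORECASE)


def normalize(path):
    """Lower-case, unify separators and fold WOW64 redirection so a
    32-bit process's system32 reference compares equal to the SysWOW64
    image Windows actually loaded."""
    p = path.lower().replace("/", "\\")
    return p.replace("\\windows\\syswow64\\", "\\windows\\system32\\")


def first_token(cmdline):
    """Return the program part of a command line (quoted or bare)."""
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split(" ", 1)[0]


def in_user_writable(path):
    return normalize(path).startswith(USER_WRITABLE_PREFIXES)


def wow64_redirected(event):
    """True when the command line names one path but the loaded image is
    its SysWOW64 counterpart (i.e. only equal after folding redirection)."""
    exe = first_token(event["cmdline"]).lower()
    return exe != event["image"].lower() and normalize(exe) == normalize(event["image"])


def detect(events):
    """Return (rule, parent_pid, pid) findings for the given records."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue  # no parent record: cannot evaluate parent/child rules
        img = normalize(e["image"])
        pimg = normalize(parent["image"])

        # Rule 1: cmd.exe child deleting the parent's own image (self-delete).
        if img.endswith("\\system32\\cmd.exe"):
            m = DEL_RE.search(e["cmdline"])
            if m and normalize(m.group(1)) == pimg:
                findings.append(("self_delete", parent["pid"], e["pid"]))

        # Rule 2: user-writable binary launched from a different
        # user-writable directory by another user-writable binary (drop + run).
        if (in_user_writable(e["image"]) and in_user_writable(parent["image"])
                and ntpath.dirname(img) != ntpath.dirname(pimg)):
            findings.append(("dropped_exe_exec", parent["pid"], e["pid"]))

        # Rule 3: context flag so analysts know path matching must fold WOW64.
        if wow64_redirected(e):
            findings.append(("wow64_redirected", parent["pid"], e["pid"]))
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f)
```

Run against the constructed records, the script flags guifx.exe (PID 3048) as a dropped executable run by the sample, and the cmd.exe child (PID 4524) both as self-deletion of PID 2804's image and as WOW64-redirected; the Edge utility process produces nothing because it is not a child of the sample and runs from Program Files.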

      Network

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\ProgramData\Graphics\guifx.exe

        Filesize

        78KB

        MD5

        622ed6b05b2c0ef443b994423767a497

        SHA1

        8757b81e8d36560a6df065bd573f88e9a29f28c8

        SHA256

        3c39b9d49062fc81ce98f0acd0a0d72ce5344107d81f88ea4e0d6f7ce68e0b25

        SHA512

        109b473f1eb0aa1d04c8bf29a30994bcb6c8d6b32ccc443eeaea11f32b69d66cbb95ea68cad043f7d4013b1b4b832d70095b059715b107791a36a05399556dd3