e6c610ee6d0f6eba2e063c91073fbd48c6e72939f283131dff82c5d920e76752

Analysis

max time kernel
142s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 11:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

06ed5493a9126be12d7a9e2bfe188cb0_NeikiAnalytics.exe
Size

97KB
MD5

06ed5493a9126be12d7a9e2bfe188cb0
SHA1

420652f1c8ef0cf72535a8373ff722889b30cbef
SHA256

e6c610ee6d0f6eba2e063c91073fbd48c6e72939f283131dff82c5d920e76752
SHA512

09e41de0fe0644eec082bef611712ff75c357786e839aa7f53f3c2877ab4a09a3efaf9339048d5db057f54067d2c221ccab4c45eb4bb881f6c58185ac9ad7045
SSDEEP

1536:iF0AJzLopHG9aa+9qX3apJoAKWYr0vcioyjp2RXKTzRZICrWaGZh70:iiApLN9aa+9U2EWyipjp2R6JJrWNZ6

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
116	WwanSvc.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Window Update = "\"C:\\ProgramData\\Update\\WwanSvc.exe\" /run"	06ed5493a9126be12d7a9e2bfe188cb0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 116	744	06ed5493a9126be12d7a9e2bfe188cb0_NeikiAnalytics.exe	82
PID 744 wrote to memory of 116	744	06ed5493a9126be12d7a9e2bfe188cb0_NeikiAnalytics.exe	82
PID 744 wrote to memory of 116	744	06ed5493a9126be12d7a9e2bfe188cb0_NeikiAnalytics.exe	82

C:\Users\Admin\AppData\Local\Temp\06ed5493a9126be12d7a9e2bfe188cb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\06ed5493a9126be12d7a9e2bfe188cb0_NeikiAnalytics.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:744
- C:\ProgramData\Update\WwanSvc.exe
  "C:\ProgramData\Update\WwanSvc.exe" /run
  2⤵
  - Executes dropped EXE
  PID:116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Update\WwanSvc.exe

Filesize
97KB

MD5
2427eabf7c04bfefe1e29789e50bc25d

SHA1
164d001f766c461e3a70d168903ad01ea1dfa28d

SHA256
86004c724fbe5f8858857934a06f06eb17a5b5370bdf2373d753336a7ad660ad

SHA512
a726cb78192ceca0b6a864c37f24096cafe2a22daee5f8f8f1ce5c57abe99514e984eeab01f0dc7ae5ce222aaf671d5e444d936e91cda7d8baba7cce4c1764d5

Download Submit
memory/116-6-0x00000000002A0000-0x00000000002BE000-memory.dmp

Filesize
120KB

Download
memory/744-0-0x0000000000980000-0x000000000099E000-memory.dmp

Filesize
120KB

Download
memory/744-5-0x0000000000980000-0x000000000099E000-memory.dmp

Filesize
120KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads