Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    12-05-2024 13:34

General

  • Target

    1625b6a739b286f54fcf7a3fa803ad70_NeikiAnalytics.exe

  • Size

    85KB

  • MD5

    1625b6a739b286f54fcf7a3fa803ad70

  • SHA1

    86739e8574d63e090c28ab9a61b0425f77b42c4a

  • SHA256

    03f79ac67cfd206bfaffb7dddf0b96340ffd1af69c739ce29f6857bc964630b7

  • SHA512

    7ce7f202cfc622645634942d3398ceb01cad8f5e0a9cfd56a8a71ef3ebdd3b9988d2682020ca77e17c843d49ffd8ed3727ee3a7e9357bdd9768a1a51d3478325

  • SSDEEP

    1536:CZFJTafg3hnfq4yyFBrRyyeBaiRTxRwvru8Jb4JpH:yFGgRfqI2z

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1625b6a739b286f54fcf7a3fa803ad70_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1625b6a739b286f54fcf7a3fa803ad70_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4792
    • C:\Users\Admin\AppData\Local\Temp\retro.exe
      "C:\Users\Admin\AppData\Local\Temp\retro.exe"
      2⤵
      • Executes dropped EXE
      PID:2372
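The process tree above is the behaviour behind the "Executes dropped EXE" signature: the submitted sample (PID 4792) writes retro.exe into the user's Temp directory and then launches it as a child (PID 2372). The following is an added detection example, not part of the sandbox report, that encodes that pattern over Sysmon-style events (EventID 11 FileCreate followed by EventID 1 ProcessCreate). The event records are constructed to mirror the report's process tree; the parent PID of 4792 and the benign installer event are invented for illustration.

```python
import re

# Constructed Sysmon-style events modelled on the report's process tree (4792 -> 2372).
# Field names follow Sysmon EventID 1 (ProcessCreate) and 11 (FileCreate).
# The explorer.exe parent and the setup.exe noise event are assumptions, not from the report.
EVENTS = [
    {"EventID": 1, "ProcessId": 4792, "ParentProcessId": 1234,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\1625b6a739b286f54fcf7a3fa803ad70_NeikiAnalytics.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "ProcessId": 4792,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\1625b6a739b286f54fcf7a3fa803ad70_NeikiAnalytics.exe",
     "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\retro.exe"},
    {"EventID": 1, "ProcessId": 2372, "ParentProcessId": 4792,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\retro.exe",
     "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\1625b6a739b286f54fcf7a3fa803ad70_NeikiAnalytics.exe"},
    # Benign noise: an installer writing a non-executable file that is never launched.
    {"EventID": 11, "ProcessId": 5555,
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\log.txt"},
]

# Per-user Temp directory on Windows; case-insensitive because NTFS paths are.
TEMP_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".scr", ".com")


def find_dropped_exe_executions(events):
    """Return (dropper_pid, dropped_path, child_pid) for every process that wrote an
    executable into a user Temp directory and later became the parent of that file.

    Events must be in chronological order: the FileCreate has to precede the
    ProcessCreate, which is exactly the drop-then-execute ordering in the report.
    """
    dropped = {}  # (writer pid, lowercased path) -> path as logged
    hits = []
    for ev in events:
        if ev["EventID"] == 11:
            path = ev["TargetFilename"]
            if TEMP_RE.match(path) and path.lower().endswith(EXEC_EXT):
                dropped[(ev["ProcessId"], path.lower())] = path
        elif ev["EventID"] == 1:
            key = (ev["ParentProcessId"], ev["Image"].lower())
            if key in dropped:
                hits.append((ev["ParentProcessId"], dropped[key], ev["ProcessId"]))
    return hits


if __name__ == "__main__":
    for dropper, path, child in find_dropped_exe_executions(EVENTS):
        print(f"PID {dropper} dropped {path} and executed it as PID {child}")
```

The key is (writer PID, path) rather than path alone so that a file written by one process and executed by an unrelated one does not fire; in production the writer PID should be combined with the process GUID or start time, since PIDs are reused after a process exits.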

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\retro.exe

    Filesize

    85KB

    MD5

    0f82433c74a04290f1b974578458a8b7

    SHA1

    ef9c3b57708e28b8a167fc389c1e3bc99f810aad

    SHA256

    165cf4250976ac1a932e6986ea407f4812f2e0d136ef2d760f110266ab6f1e60

    SHA512

    861b961e0e7f171b731e0899f8e17cd701910bf5cd8a51b26464c2e71a7c6f123caa233b5363c6cac19e9ed42d2b59a172bf8978805711c7aa35b21de63ee35a

  • memory/2372-19-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

  • memory/2372-21-0x0000000000600000-0x0000000000606000-memory.dmp

    Filesize

    24KB

  • memory/2372-30-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

  • memory/4792-0-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

  • memory/4792-1-0x0000000002D70000-0x0000000002D76000-memory.dmp

    Filesize

    24KB

  • memory/4792-2-0x0000000000400000-0x0000000000406000-memory.dmp

    Filesize

    24KB

  • memory/4792-8-0x0000000002D70000-0x0000000002D76000-memory.dmp

    Filesize

    24KB
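The memory dump names above encode the PID, a sequence number and the start and end virtual addresses of the dumped region, and the listed Filesize is simply end minus start. The following is an added triage helper, not part of the sandbox report, that parses those names, cross-checks the listed sizes, and reports which regions were dumped from more than one process; the dump list is copied from the report, and the function and variable names are the example's own.

```python
import re
from collections import defaultdict

# Dump entries as listed in the report: (dump name, listed size in KB).
DUMPS = [
    ("memory/2372-19-0x0000000000400000-0x0000000000412000-memory.dmp", 72),
    ("memory/2372-21-0x0000000000600000-0x0000000000606000-memory.dmp", 24),
    ("memory/2372-30-0x0000000000400000-0x0000000000412000-memory.dmp", 72),
    ("memory/4792-0-0x0000000000400000-0x0000000000412000-memory.dmp", 72),
    ("memory/4792-1-0x0000000002D70000-0x0000000002D76000-memory.dmp", 24),
    ("memory/4792-2-0x0000000000400000-0x0000000000406000-memory.dmp", 24),
    ("memory/4792-8-0x0000000002D70000-0x0000000002D76000-memory.dmp", 24),
]

# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split a dump name into pid, sequence number, start, end and region size in bytes."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"end address not above start in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def size_kb(nbytes):
    """The report lists whole kilobytes, so truncate the same way."""
    return nbytes // 1024


def check_listed_sizes(dumps):
    """Return (name, computed_kb, listed_kb) for every entry whose address range
    does not match the size printed beside it."""
    mismatches = []
    for name, listed_kb in dumps:
        computed = size_kb(parse_dump_name(name)["size"])
        if computed != listed_kb:
            mismatches.append((name, computed, listed_kb))
    return mismatches


def shared_regions(dumps):
    """Map (start, end) -> set of PIDs for regions dumped from more than one process.
    The same range at the same address in two processes usually means the same
    image mapped at its preferred base, here the dropper and the dropped retro.exe."""
    by_region = defaultdict(set)
    for name, _ in dumps:
        d = parse_dump_name(name)
        by_region[(d["start"], d["end"])].add(d["pid"])
    return {region: pids for region, pids in by_region.items() if len(pids) > 1}


if __name__ == "__main__":
    print("size mismatches:", check_listed_sizes(DUMPS))
    for (start, end), pids in shared_regions(DUMPS).items():
        print(f"region {start:#x}-{end:#x} ({size_kb(end - start)}KB) dumped in PIDs {sorted(pids)}")
```

Both processes expose a 72KB region at 0x400000, the default image base of a 32-bit PE without relocations, while the 85KB files on disk are larger than the mapped image because on-disk headers and section alignment differ from the in-memory layout; the repeated dumps of the same range (sequence 19 and 30 for PID 2372) are snapshots taken at different times, which is where to look for code modified after load.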