Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-05-2024 19:04

General

  • Target

    443da503217dd15c4b7f58a6a05a6e90_NeikiAnalytics.exe

  • Size

    220KB

  • MD5

    443da503217dd15c4b7f58a6a05a6e90

  • SHA1

    f418f09bd6658f4d7e6bd564b1c024f5c90dfafe

  • SHA256

    04bafaeff357cda9e9876cfd002959266659212dace1d546b3b7bfce1dd58c71

  • SHA512

    a02ea80d8ac7f1f6be7fab0e973b21fc37f30054b782cf2df4a3d5895e93ba6da5c3f440676638b015ba15c023f067e994de691be2589202dd6ab256ea4f87ae

  • SSDEEP

    3072:YsXRmUIMitiMQose27vc+Eld+xZp2vPRL1tT06zJoxAWBcKpSP//dwRm8:ZR5IuMQoseGk7RZBGxAycKpSPX2T

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\443da503217dd15c4b7f58a6a05a6e90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\443da503217dd15c4b7f58a6a05a6e90_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 464
      2⤵
        PID:1988

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1688-0-0x000007FEF605E000-0x000007FEF605F000-memory.dmp

      Filesize

      4KB

    • memory/1688-1-0x000007FEF5DA0000-0x000007FEF673D000-memory.dmp

      Filesize

      9.6MB

    • memory/1688-2-0x000007FEF5DA0000-0x000007FEF673D000-memory.dmp

      Filesize

      9.6MB

    • memory/1688-3-0x000007FEF5DA0000-0x000007FEF673D000-memory.dmp

      Filesize

      9.6MB

    • memory/1688-5-0x000007FEF5DA0000-0x000007FEF673D000-memory.dmp

      Filesize

      9.6MB

    • memory/1988-4-0x00000000022F0000-0x00000000022F1000-memory.dmp

      Filesize

      4KB