Overview

overview

7

Static

static

3

59b5bc0a88...cs.exe

windows7-x64

7

59b5bc0a88...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-05-2024 20:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59b5bc0a88049f6395be32aac10f3e80_NeikiAnalytics.exe

  • Size

    97KB

  • MD5

    59b5bc0a88049f6395be32aac10f3e80

  • SHA1

    bac38701a1b9dd0ddf564fb67640b0732ad24e31

  • SHA256

    4e5d557959f869952b468be342bfaf811d7e0a37518cb5236b0844e7b7e90494

  • SHA512

    10d1a5afcf8c726a0368dfe4c22d13f37c9bac1c915a22347150beef96b08d48abd402171bb33076075277a67d58e36d8da9207c6ab63557ed867d77063924c4

  • SSDEEP

    1536:jKywN8I/DY9eUtll6CMLk1IJ5n4+gkYTjipvF2PmEgKQ9Jr3ZdD04:GNbD3UDIJ5n4+gkYvQd2Y

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59b5bc0a88049f6395be32aac10f3e80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\59b5bc0a88049f6395be32aac10f3e80_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4680
    • C:\Users\Admin\AppData\Local\Temp\vusjeson.exe
      C:\Users\Admin\AppData\Local\Temp\vusjeson.exe
      2⤵
      • Executes dropped EXE
      PID:4540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\vusjeson.exe
    Filesize

    97KB

    MD5

    4cc21a7153822f341b534b6a178ddfd1

    SHA1

    54613a413d0af34b36cfe9891d8115ec22d68c69

    SHA256

    7688e082d1ec7d3ffbaba7f0baf081bcae651973adc2238aaac98d1f97d7d281

    SHA512

    92ff174082b24e6162f1119b8cd3d957195c8312d0c557d762f1c2e1343f33b29f28df8d69870cd0c8b55ac18a7a9926695f1eb36959f3cc02c3437e1b2bc4f4

    Download Submit

  • memory/4540-5-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/4680-1-0x0000000000403000-0x0000000000405000-memory.dmp

    Filesize

    8KB

    Download