e5da2eca7d1df96e42f33cda31479089af32a0836c7f8a0c89cb713237f04da7

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 09:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

adc14a4587f8b995361e5dafef902840_NeikiAnalytics.exe
Size

50KB
MD5

adc14a4587f8b995361e5dafef902840
SHA1

39cc61591dc15932721e4dac51044f41d2561d4b
SHA256

e5da2eca7d1df96e42f33cda31479089af32a0836c7f8a0c89cb713237f04da7
SHA512

fdab783a6d246b18f21f7852ec9152e1aa2a66aaab8120c864e28495c50e7c032c24219c06a4865a42ea5bbecf2df49f53e53459f4476e12053f9599af730585
SSDEEP

768:BVu+XgNKfMZZw+t0Vuo7uw1NmeuZjbv6M0MceOeX8B:HuMgauZw+MKeuNbCMceXe

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2176	kyyjs.exe

Loads dropped DLL 1 IoCs

pid	Process
1640	adc14a4587f8b995361e5dafef902840_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 2176	1640	adc14a4587f8b995361e5dafef902840_NeikiAnalytics.exe	28
PID 1640 wrote to memory of 2176	1640	adc14a4587f8b995361e5dafef902840_NeikiAnalytics.exe	28
PID 1640 wrote to memory of 2176	1640	adc14a4587f8b995361e5dafef902840_NeikiAnalytics.exe	28
PID 1640 wrote to memory of 2176	1640	adc14a4587f8b995361e5dafef902840_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\adc14a4587f8b995361e5dafef902840_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\adc14a4587f8b995361e5dafef902840_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Users\Admin\AppData\Local\Temp\kyyjs.exe
  "C:\Users\Admin\AppData\Local\Temp\kyyjs.exe"
  2⤵
  - Executes dropped EXE
  PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\kyyjs.exe

Filesize
50KB

MD5
51a45f851364ea018a6950ac0cc22094

SHA1
31de6290f664f824a90c5940b4a5f87855fad7ee

SHA256
6b5f7bf57fa2f97ae46cd0a94ef02b9373991ebe721e0be5710391a45a23e4cf

SHA512
0a0e3578cc2587f98eb58d027007d344e696edb9af79b30d4184f095b39565461e27c06fca63a0397840f7db2164339b8c7a9b5c15fd55defe26b331f519011a

Download Submit
memory/1640-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1640-2-0x0000000000401000-0x0000000000403000-memory.dmp

Filesize
8KB

Download
memory/1640-9-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2176-10-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2176-11-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download