cccc268ff52e2124503f17c80c9cb5939754744bff2191ca68b85acac15c2a36

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 12:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b71823af7c346f63f1c06bed5985f500_NeikiAnalytics.exe
Size

80KB
MD5

b71823af7c346f63f1c06bed5985f500
SHA1

bfe61271c9c1d0b805e668019339492b1c8c2f9c
SHA256

cccc268ff52e2124503f17c80c9cb5939754744bff2191ca68b85acac15c2a36
SHA512

cc48cd29651b44aef184e303b1e9f7d4e4c25064022f8025c5662519548876620b42f5de6e2d440ea158e0b2ef3232a64623f06316f9d6bf4333782153928a80
SSDEEP

1536:24Bobv7ZhMRxQrXKJRHahjAqSI1y03Sx4:/Bo77Agb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1912	zbhnd.exe

Loads dropped DLL 1 IoCs

pid	Process
1960	b71823af7c346f63f1c06bed5985f500_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1912	1960	b71823af7c346f63f1c06bed5985f500_NeikiAnalytics.exe	28
PID 1960 wrote to memory of 1912	1960	b71823af7c346f63f1c06bed5985f500_NeikiAnalytics.exe	28
PID 1960 wrote to memory of 1912	1960	b71823af7c346f63f1c06bed5985f500_NeikiAnalytics.exe	28
PID 1960 wrote to memory of 1912	1960	b71823af7c346f63f1c06bed5985f500_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\b71823af7c346f63f1c06bed5985f500_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b71823af7c346f63f1c06bed5985f500_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Users\Admin\AppData\Local\Temp\zbhnd.exe
  "C:\Users\Admin\AppData\Local\Temp\zbhnd.exe"
  2⤵
  - Executes dropped EXE
  PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\zbhnd.exe

Filesize
80KB

MD5
8e876fe3aeb8877f760e27d5a042a815

SHA1
f86984c52d37b2f1ccc0f5981cde32fe6f3a4aad

SHA256
a65fd211cd85f2905817317fd77f3801c0da5d22e9a975610d9cc0a81f2fb3cf

SHA512
f8e98e0fbf5de3dbea2e8136d6b1a7e0c446f85ebb0a82c8c6e16931da4fc7e389a6b9b56cdf939097b893bf979daba3e060fdf51a2cf5000a7dc6807878d3a5

Download Submit
memory/1912-12-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1960-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1960-1-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/1960-6-0x0000000001D40000-0x0000000001D49000-memory.dmp

Filesize
36KB

Download
memory/1960-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download