Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
13/05/2024, 12:27
General
-
Target
b7990dd24656b62d10a043cdb941f980_NeikiAnalytics.exe
-
Size
681KB
-
MD5
b7990dd24656b62d10a043cdb941f980
-
SHA1
3ad119bcd3758893723f13c326be24acb8ee6f08
-
SHA256
4d2355a8d4244a036251e575ba35a2fb8434da77f1eb5109647fabe052bf586e
-
SHA512
60df81b17798e794bb43d8ad5583baafc9ebac75a029a6db61b75959497bec20d6bee9e20eff735e05352aa433695ba2207204d20a47c4ef9757c8f7e0b82fc4
-
SSDEEP
6144:nuj8NDF3OR9/Qe2HdJ8pSioXt4II0+zzrtjBvE:uOF3ORK3d11Xt4II0+zzrtjBvE
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b7990dd24656b62d10a043cdb941f980_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b7990dd24656b62d10a043cdb941f980_NeikiAnalytics.exe"1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe10⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe13⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"14⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe16⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"17⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe19⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"20⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LiveMessageCenter.exeC:\Windows\system32\LiveMessageCenter.exe /part221⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"22⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe24⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"25⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe27⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"28⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe30⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"31⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe33⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"34⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe36⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"37⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe39⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"40⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe42⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"43⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe45⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"46⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe48⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"49⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe51⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"52⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe53⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe54⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"55⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe57⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"58⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe60⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"61⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe62⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe63⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"64⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe65⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe66⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"67⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe68⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe69⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"70⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe71⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe72⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"73⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe74⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe75⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"76⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe77⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe78⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"79⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe80⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe81⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"82⤵
-
C:\Windows\SysWOW64\LiveMessageCenter.exeC:\Windows\system32\LiveMessageCenter.exe83⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"84⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe85⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe86⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"87⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe88⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe89⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"90⤵
-
C:\Windows\SysWOW64\LiveMessageCenter.exeC:\Windows\system32\LiveMessageCenter.exe91⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"92⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe93⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe94⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"95⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe96⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe97⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"98⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe99⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe100⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"101⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe102⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe103⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"104⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe105⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe106⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"107⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe108⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe109⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"110⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe111⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe112⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"113⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe114⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe115⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"116⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe117⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe118⤵
-
C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"C:\Program Files (x86)\Internet Explorer\casino_extensions.exe"119⤵
-
C:\Windows\SysWOW64\casino_extensions.exeC:\Windows\system32\casino_extensions.exe120⤵
-
C:\Windows\SysWOW64\Casino_ext.exeC:\Windows\SysWOW64\Casino_ext.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-