Overview

overview

7

Static

static

3

3b5aff3b2b...cs.exe

windows7-x64

7

3b5aff3b2b...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/05/2024, 22:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3b5aff3b2b4c6b9885c7aa3fd76ae140_NeikiAnalytics.exe

  • Size

    65KB

  • MD5

    3b5aff3b2b4c6b9885c7aa3fd76ae140

  • SHA1

    cc14d437b4b8f501ed541d0776441792d0342311

  • SHA256

    13d200cfffb883ab1831a0a2211989448299191de22ea771cd82583770744c17

  • SHA512

    134c3936a8563cdb5854fa645749be921656fa3a36329d7fba44cfcf2f278409509e7c32839062c231aef139282d12411ada9f5006dc56b5c1571c94c1ba3310

  • SSDEEP

    1536:Lttose4OcUm3QI5EPZo6E5sEFd29NQgA2w6TNle5c:7ose4O+QZo6EKEFdGM29le5c

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b5aff3b2b4c6b9885c7aa3fd76ae140_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3b5aff3b2b4c6b9885c7aa3fd76ae140_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4432
      • C:\Windows\SysWOW64\ewiuer2.exe
        C:\Windows\System32\ewiuer2.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Suspicious use of WriteProcessMemory
        PID:4656
        • C:\Windows\SysWOW64\ewiuer2.exe
          C:\Windows\SysWOW64\ewiuer2.exe /nomove
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          PID:4896

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\ewiuer2.exe
          Filesize

          65KB

          MD5

          d723c091f27766bf70df3050e88c0d2c

          SHA1

          c9375971c8461bdea03c15e380ed29f05e56fd17

          SHA256

          78acda931c611fd787e1ef8ada9fe90d2a3179ea63ab862716b4d227b9568e6d

          SHA512

          bca59c35c6fefc08df9daedba9c6364e5f51b6c049cbeda8f71591df45740910ffbef55b5de6a7a2bd887e52ae49d349cff9ffccc75e671be1356918590b1707

          Download Submit

        • C:\Windows\SysWOW64\ewiuer2.exe
          Filesize

          65KB

          MD5

          42f86b9b7f9e1126e4f541146ee3ecfe

          SHA1

          c35c692a3f923dec3bf773e50663784b02a2028f

          SHA256

          030f76c6115dbf75bd6dc5cb2d7332358e0efefff37fa49a169aa21f65b07f3f

          SHA512

          a2636ac6c1e1df4b3292b7c298f5f60fa4ad4f02d10c6911f0b4013c5de69b045d44c3d6529ebcae60d004a990caccabacf507d563e6583a0b14960d4d04f1db

          Download Submit

        • memory/2364-0-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/2364-4-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/4432-6-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/4432-7-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/4432-12-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/4656-13-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/4656-14-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/4656-16-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download

        • memory/4896-17-0x0000000000400000-0x000000000042A000-memory.dmp

          Filesize

          168KB

          Download