8d25767a7dfc6279ba34e8d68e56975c95ed6443dea4cbf7eac1e2d333a8f120

Analysis

max time kernel
143s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48002e6ddeb34d167a1f2dfadb3b05b0_NeikiAnalytics.exe
Size

73KB
MD5

48002e6ddeb34d167a1f2dfadb3b05b0
SHA1

dc810d4e4b98bdbc2fd814e3981787f8ebb16231
SHA256

8d25767a7dfc6279ba34e8d68e56975c95ed6443dea4cbf7eac1e2d333a8f120
SHA512

bd273031b564bc88557c6f12e818774c4ae06d25bffb26df2b7b38c0a4ba661293c66865959051db29ad3591efbc602285c43263167c8da574e437fa3c46a42d
SSDEEP

1536:nj+4zs2cPVhlMOtEvwDpj4H8u8rZVTs97:C4Q2c94OtEvwDpj4H8zm

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2284	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2492	48002e6ddeb34d167a1f2dfadb3b05b0_NeikiAnalytics.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b000000016056-26.dat	upx
behavioral1/memory/2284-19-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/2492-16-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/2492-0-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2284	2492	48002e6ddeb34d167a1f2dfadb3b05b0_NeikiAnalytics.exe	28
PID 2492 wrote to memory of 2284	2492	48002e6ddeb34d167a1f2dfadb3b05b0_NeikiAnalytics.exe	28
PID 2492 wrote to memory of 2284	2492	48002e6ddeb34d167a1f2dfadb3b05b0_NeikiAnalytics.exe	28
PID 2492 wrote to memory of 2284	2492	48002e6ddeb34d167a1f2dfadb3b05b0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\48002e6ddeb34d167a1f2dfadb3b05b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\48002e6ddeb34d167a1f2dfadb3b05b0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
73KB

MD5
2fdaabb20f2ccfd6beeda185ac091b60

SHA1
b8cb6fba0207b3838528ca8ba84d175a5743a653

SHA256
fca33e7220331f59a866b9ea78d3a2676a73246570ef9d047fb15a36e1be594a

SHA512
91f101f518a91a1c41b2b43ac86bae97d357c060fbaeb6316731de3ba783237884f87b147c7107091de6414162809228a8f3da9323196cbc17f5547ddfeee07c

Download Submit
memory/2284-20-0x0000000000290000-0x0000000000296000-memory.dmp

Filesize
24KB

Download
memory/2284-19-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2284-18-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2492-9-0x0000000000430000-0x0000000000436000-memory.dmp

Filesize
24KB

Download
memory/2492-16-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/2492-2-0x0000000000470000-0x0000000000476000-memory.dmp

Filesize
24KB

Download
memory/2492-1-0x0000000000430000-0x0000000000436000-memory.dmp

Filesize
24KB

Download
memory/2492-0-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download