1adde210269c43e2964603f794c90d46e693ceadea1699331d5bd37d43d39286

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 03:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

62af7af82016952c31370b44464ec8c0_NeikiAnalytics.exe
Size

61KB
MD5

62af7af82016952c31370b44464ec8c0
SHA1

fd46133a46967eedd8209ce38ac2207ee780a6fa
SHA256

1adde210269c43e2964603f794c90d46e693ceadea1699331d5bd37d43d39286
SHA512

384f56760d95f437c356c98ebde9899ec930dd8d1670dd9a0cb985c217f9e80832fe178ae0a55efbc8af4874f8a8ddbe7ef144013368c50df1d59c681b26d418
SSDEEP

1536:ottdse4OcUmWQIvEPZo6E5sEFd29NQgA2wwle5:Ydse4OlQZo6EKEFdGM21le5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
1936	ewiuer2.exe
2904	ewiuer2.exe
2540	ewiuer2.exe
1448	ewiuer2.exe
2932	ewiuer2.exe
1708	ewiuer2.exe
1116	ewiuer2.exe

Loads dropped DLL 14 IoCs

pid	Process
2256	62af7af82016952c31370b44464ec8c0_NeikiAnalytics.exe
2256	62af7af82016952c31370b44464ec8c0_NeikiAnalytics.exe
1936	ewiuer2.exe
1936	ewiuer2.exe
2904	ewiuer2.exe
2904	ewiuer2.exe
2540	ewiuer2.exe
2540	ewiuer2.exe
1448	ewiuer2.exe
1448	ewiuer2.exe
2932	ewiuer2.exe
2932	ewiuer2.exe
1708	ewiuer2.exe
1708	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 1936	2256	62af7af82016952c31370b44464ec8c0_NeikiAnalytics.exe	28
PID 2256 wrote to memory of 1936	2256	62af7af82016952c31370b44464ec8c0_NeikiAnalytics.exe	28
PID 2256 wrote to memory of 1936	2256	62af7af82016952c31370b44464ec8c0_NeikiAnalytics.exe	28
PID 2256 wrote to memory of 1936	2256	62af7af82016952c31370b44464ec8c0_NeikiAnalytics.exe	28
PID 1936 wrote to memory of 2904	1936	ewiuer2.exe	32
PID 1936 wrote to memory of 2904	1936	ewiuer2.exe	32
PID 1936 wrote to memory of 2904	1936	ewiuer2.exe	32
PID 1936 wrote to memory of 2904	1936	ewiuer2.exe	32
PID 2904 wrote to memory of 2540	2904	ewiuer2.exe	33
PID 2904 wrote to memory of 2540	2904	ewiuer2.exe	33
PID 2904 wrote to memory of 2540	2904	ewiuer2.exe	33
PID 2904 wrote to memory of 2540	2904	ewiuer2.exe	33
PID 2540 wrote to memory of 1448	2540	ewiuer2.exe	35
PID 2540 wrote to memory of 1448	2540	ewiuer2.exe	35
PID 2540 wrote to memory of 1448	2540	ewiuer2.exe	35
PID 2540 wrote to memory of 1448	2540	ewiuer2.exe	35
PID 1448 wrote to memory of 2932	1448	ewiuer2.exe	36
PID 1448 wrote to memory of 2932	1448	ewiuer2.exe	36
PID 1448 wrote to memory of 2932	1448	ewiuer2.exe	36
PID 1448 wrote to memory of 2932	1448	ewiuer2.exe	36
PID 2932 wrote to memory of 1708	2932	ewiuer2.exe	38
PID 2932 wrote to memory of 1708	2932	ewiuer2.exe	38
PID 2932 wrote to memory of 1708	2932	ewiuer2.exe	38
PID 2932 wrote to memory of 1708	2932	ewiuer2.exe	38
PID 1708 wrote to memory of 1116	1708	ewiuer2.exe	39
PID 1708 wrote to memory of 1116	1708	ewiuer2.exe	39
PID 1708 wrote to memory of 1116	1708	ewiuer2.exe	39
PID 1708 wrote to memory of 1116	1708	ewiuer2.exe	39

C:\Users\Admin\AppData\Local\Temp\62af7af82016952c31370b44464ec8c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\62af7af82016952c31370b44464ec8c0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2904
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2540
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1448
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2932
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1708
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:1116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\94A4J7R0.txt

Filesize
230B

MD5
7723fbd4c292e85d1e75c46fa4129c5b

SHA1
de4bd1e315f1ba38888e0d475bb1a79c70ccdcef

SHA256
530b13767ef5c9c011254f2442f4de92bc13b082ac4d28bd055529564e2daec2

SHA512
85d9239e11faacbc5d97128d41c1f114026eefa9e8801cb08a5264cfbded8e53f5a8747f2edb0293d02f0dff8278c7d7fb86632811f2f6bbe56d7170b9f36175

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\X2VCJFZM.txt

Filesize
229B

MD5
25e496ec0f0acf742443cea5921cb1fd

SHA1
fa93d630b459a164171485f566965d886d5a6ba2

SHA256
b9bee0f2440ff45a6c26df263b243d5baabeec721a39755a60bb74c971fa3cbd

SHA512
2826aa817912c9f0ccb9f5f57b6f9a1206c5160e58a82c23839a3af0554d9f17ea9d4a6ac9d33cfe35b6b67bd81f817cf0a9b52291d0721c744372b0b01424bd

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
3080b76ffde26a323184e9dfe807ede3

SHA1
50d385490e8522d57a651850bb857bde5d235626

SHA256
b1089adc26ef9f6d4880a469f7233478c423db73f0514c06f21680af6ff1dd9a

SHA512
c9a937e7f941e51eea0306a63455ec9c61228214b9accc8934769737e9e694cfae6893132040dea03d2739124797631aa9f7bdb210fa35b64c923777b78ec858

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
d907638a76fec4faf29f4d807c4b8c15

SHA1
b9d87878931bad392d98ce24cd19ef7d88dbeb24

SHA256
6e9ba6fd2c2c7fc0a1b60bf2a9aa937b5fb7a2e9506255f422e48020415c7cc5

SHA512
3b7347353ff17e3d210f77077691990b314c47e28cb4dacaebf0061945339bf60a5100ce6260355bcd2b6b5db6f9e9025584f77f8739e730b2d49278a5ad5521

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
1371c1f46285e66b376005a3a9c13a94

SHA1
33825863d1248fbb1cde52b058dfbab6c3793985

SHA256
f8c8f040b292a69bb5ab60ac2e61d6134a428fbdb2a345b00a0a3d0ffa05e805

SHA512
cb9403958508e23ffc1c9de00aee369a09650d8b3859244938bb4962203f8667063d2d18c0fd3ec1d4e50e449cc805002a6fca226364ec2a1c7f097bc461f261

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
d9cbf62a96b0ed9f53231fad919cd9ed

SHA1
75ad35a88c42ab05a5da262b8d017d20826dd2fb

SHA256
d532432c4f5c327cd9383486c76b5f326f6be1eaf3cfae680bec43df56731538

SHA512
f92ef1bee7f6ce6f18ebc1bee5c1e6af6f2d9cb02bed9a24641bf2b7dd19f83c780795ff9452811a5d08b20c2a01d59bac49f3367794984ee184b402ed5767a5

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
440fa5f277c725dd863b0f86c8c31e70

SHA1
2a699ae0626f2067528e4eb922d912ca4965da06

SHA256
12c4cbfc088a22f1dbf1df2a2f7073ab52db8cb756dc24f01c62472d54c9d110

SHA512
9e0594ed09d012a8ba5fd4abad85f28f89e022747e30619ed07cfb3c3d906db622948da9ee425ae33b2e0c380f81c20c0914f3634ade774eb1d68d9fc1ff6940

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
557caa1caf0d6e9862d368b208823277

SHA1
da876e9d69c46ec13b77df27c1c89de2459f0dc7

SHA256
03eef2035e4f4cd86c576413522e2517607d5e631633602621f030a71e7a3d77

SHA512
76ffb6d9bc1ec60fcbfe0f000e5fec46e61e70e796a736edcfc7f4468b807565c916c08835987195d33be8d573b41291b66c5206dbd903080df82dd3643f26c1

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
c388b1f40cdac798d5c253dacca037db

SHA1
c07a02fb4b80de2fb8ea183abaeb5aa49581a5a5

SHA256
160168051a0145cbf073ed6a9e5e28f4abba27f09408b2b39e7edf7bad57c277

SHA512
ac0021fb313439a400b50dd3a6eec6630e9e23c59e11f55373518a29e0d2d00f87b4c6bd1c8b0a1b8e0fc582997977d5c5525ca5b76eb6216274322280350764

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads