Overview

overview

7

Static

static

3

c333df1ba9...cs.exe

windows7-x64

7

c333df1ba9...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    14-05-2024 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c333df1ba9325d463f93523ef5039770_NeikiAnalytics.exe

  • Size

    28KB

  • MD5

    c333df1ba9325d463f93523ef5039770

  • SHA1

    8b5bdff317de1351b172440776ca7d2025e52dd0

  • SHA256

    74884609aab640b008d9def532ac38017bbfe1798546c711149a599ae45f1a2a

  • SHA512

    f60891e40fa7af2d8158c437a41ba8eabbbbfb3700a26c9dd22554e5cc07e088b3e1e548f10f41e9e2530b89ea94d3528e4408bf88d12088e4eca6ae24f973bd

  • SSDEEP

    768:PVEHJqjHyGvwFylDpulVSQJrE/2QmlCYZUTnO7Dw:PH2nylslwHCCL1

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c333df1ba9325d463f93523ef5039770_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c333df1ba9325d463f93523ef5039770_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    28KB

    MD5

    7dc6c69cdeabd79aed85ee7e1edfc72d

    SHA1

    cc3a4dbe97d971e2dd98952f461a45a978279c1d

    SHA256

    91b0b394025c93c513853c91731cbee846b15279bf2a261cca3fd2b77dfd47ee

    SHA512

    c259a77db152d44ab8d3ae1a0f4939968cca4eec186a4bac44d7bf602fc2ea5226cc605910c20aea633c6ef5d7dbf80ef4ee7ce732d83fcdbc4065fe9e9b379c

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    30KB

    MD5

    12746c7f175d36190e26313680b1613d

    SHA1

    f9557b027d3dcf0eea6f9ec2147f82035373f10c

    SHA256

    6de48848e663fc7917819dd4d788ed619e516bd9ad05f395f236239147f4f503

    SHA512

    9b7028af68d623e1c18d12cfd4c1e6f5d57c2b4705f7eff0577c318ad9e6fda29628840ae84d6d1148e2a970b98bb88d057475e6b51143ab15f753a09ff9138d

    Download Submit

  • memory/2128-21-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2128-17-0x0000000000290000-0x00000000002A5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2128-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2128-19-0x0000000000290000-0x00000000002A5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-26-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-29-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-24-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-25-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-20-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-27-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-28-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-22-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-30-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-31-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-32-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-33-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-34-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2720-35-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download