d532220a7e22014589d51e4a2b926e0098e55ce512b9b53dab21fca882a45b13

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce9d6ae441e02255341bca75ec6fbdb0_NeikiAnalytics.exe
Size

28KB
MD5

ce9d6ae441e02255341bca75ec6fbdb0
SHA1

6edb903b581b68d7bed38919392278b962d3eb6d
SHA256

d532220a7e22014589d51e4a2b926e0098e55ce512b9b53dab21fca882a45b13
SHA512

87d8b429095c59a3462dff7dd83dfdd7d3f04d7b5e3bb92ddaf9111b0fb119325255b428385b4991d3a14b8ad07f253e0e8c0b3cd26120db38748d89d6c51cb0
SSDEEP

384:6EJ7osKQ3wK8ZL2lQ9/sF1666666666JJ7UueqrDjFvbE4EUtKK5YMIglopB5m1g:/8sJAnZCQBwuUuequ7UUK2xgl4sVZKz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2600	justupdater.exe

Loads dropped DLL 1 IoCs

pid	Process
2168	ce9d6ae441e02255341bca75ec6fbdb0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2600	2168	ce9d6ae441e02255341bca75ec6fbdb0_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 2600	2168	ce9d6ae441e02255341bca75ec6fbdb0_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 2600	2168	ce9d6ae441e02255341bca75ec6fbdb0_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 2600	2168	ce9d6ae441e02255341bca75ec6fbdb0_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 2600	2168	ce9d6ae441e02255341bca75ec6fbdb0_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 2600	2168	ce9d6ae441e02255341bca75ec6fbdb0_NeikiAnalytics.exe	28
PID 2168 wrote to memory of 2600	2168	ce9d6ae441e02255341bca75ec6fbdb0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\ce9d6ae441e02255341bca75ec6fbdb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ce9d6ae441e02255341bca75ec6fbdb0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\justupdater.exe
  "C:\Users\Admin\AppData\Local\Temp\justupdater.exe"
  2⤵
  - Executes dropped EXE
  PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\justupdater.exe

Filesize
28KB

MD5
7d2ffa987304376e8f43ccfe3924a65b

SHA1
7b7fbc11b8ffac79038b759b42dd588d9b199216

SHA256
b3bb613fd0912ec104500c40e495fb678bae0ab54d79d0a1de7457683c20e64b

SHA512
4a5981493e497c2f2638ede65c242044cb70cef2defce463946d067b3e91e35f87b3ce4de0c5d74ff8379b2f6296f946d43d5db229b5ed9ae6da949abbb032fb

Download Submit
memory/2168-1-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/2600-8-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download