Overview

overview

7

Static

static

3

04f6f70e6e...cs.exe

windows7-x64

7

04f6f70e6e...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    14/05/2024, 17:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    04f6f70e6e2536db1bc21f01feca7b00_NeikiAnalytics.exe

  • Size

    31KB

  • MD5

    04f6f70e6e2536db1bc21f01feca7b00

  • SHA1

    bf069a9f0c4227c6a07cadf7131ccf4162c25359

  • SHA256

    99a034d8748a14c9a1db848092c1ccfa5609c099e2d787ef75ecaef0f960baba

  • SHA512

    5cd9c5431339812fbe18bbd6bcb94d5e5fe71c46e5736a447caebc225527208312745d25c4881c50c4b638d17934946e37fca8ae941c112e0718217c47fac4fb

  • SSDEEP

    384:c3//2DmnWRgcf6Oo3L1tGaygYCNXrqGKfMwzyZrzj8Q:aKJ1uB5hNbkfZzu8Q

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04f6f70e6e2536db1bc21f01feca7b00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\04f6f70e6e2536db1bc21f01feca7b00_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Users\Admin\AppData\Local\Temp\emmpp.exe
      C:\Users\Admin\AppData\Local\Temp\emmpp.exe
      2⤵
      • Executes dropped EXE
      PID:2052

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\emmpp.exe
          Filesize

          31KB

          MD5

          c7a93e8bc4d5a47cda2613fc975d8911

          SHA1

          37c1bedd5143a4137a5de01278dee418581d844c

          SHA256

          fbe62b24282fb8e07c53a8883dbb0a290f7d0bb2ce1f22d249ca7f82fcf2fc5b

          SHA512

          b76982545edcfc7af5c492baa5dd784ac1fc6de1c54e86c2fe28b135d6422789114572dbef08fe1a25379a7d9f317fed2aa3851f68d9703ccd379aead6ff6193

          Download Submit

        • memory/2052-10-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2372-3-0x0000000000401000-0x0000000000403000-memory.dmp

          Filesize

          8KB

          Download