a7e41312ed0ee8dff6b077946d071a4e0ab99c0f5f9eb904b257b27e6a8405d5

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 22:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4404a790a9f43e4eff2d9d0e7c2a0df0_NeikiAnalytics.exe
Size

29KB
MD5

4404a790a9f43e4eff2d9d0e7c2a0df0
SHA1

1fa5d4d964c4ade20d680c7a30ab5cc51d1b6e39
SHA256

a7e41312ed0ee8dff6b077946d071a4e0ab99c0f5f9eb904b257b27e6a8405d5
SHA512

1a0b399dcbef7742c3b419e2518cc44e2f67f7175306e9a583a60e36b5d311abfecf13dd274c2d7db18ef4139f68fb9e420eaca6d602382e44a28548d7aeca0c
SSDEEP

384:XQoEmqWUIn+MUwjvehBT6A64FMLmty7lnajojGCZDSHw:XQEqsn+nwjWbOA6YMLLlnoKGCZOQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2900	psie.exe

Loads dropped DLL 1 IoCs

pid	Process
2884	4404a790a9f43e4eff2d9d0e7c2a0df0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2900	2884	4404a790a9f43e4eff2d9d0e7c2a0df0_NeikiAnalytics.exe	28
PID 2884 wrote to memory of 2900	2884	4404a790a9f43e4eff2d9d0e7c2a0df0_NeikiAnalytics.exe	28
PID 2884 wrote to memory of 2900	2884	4404a790a9f43e4eff2d9d0e7c2a0df0_NeikiAnalytics.exe	28
PID 2884 wrote to memory of 2900	2884	4404a790a9f43e4eff2d9d0e7c2a0df0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\4404a790a9f43e4eff2d9d0e7c2a0df0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4404a790a9f43e4eff2d9d0e7c2a0df0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Users\Admin\AppData\Local\Temp\psie.exe
  "C:\Users\Admin\AppData\Local\Temp\psie.exe"
  2⤵
  - Executes dropped EXE
  PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\psie.exe

Filesize
29KB

MD5
1a75f805d8dbf44da3676bd06f54aed8

SHA1
766cc0bf62eae2c53da42f5eae6f5f064f1ba2a3

SHA256
d67c3e3d153dc4bef6e71fc85d07b96b5be0792da3294d3cb96130228486eba9

SHA512
aaeb33854369bea0a1d835a05ac27b5034902a3ebc4b365eb457e85dfc5c6a08a7cad57da35c69ce9f756cbfbb54bccb5f2ac4e91fc61d458bcd86a5532d6e42

Download Submit
memory/2884-1-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/2900-8-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download