Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system
  • submitted
    15/05/2024, 10:11

General

  • Target

    c32e39056619328ad6c89cf91825f910_NeikiAnalytics.exe

  • Size

    85KB

  • MD5

    c32e39056619328ad6c89cf91825f910

  • SHA1

    0925c173de0d1193c1e0ca5dabb5a1c9fa625005

  • SHA256

    52019e857c1bee0d4e24eddf51ec4def1142961843a453780d1a7be6c457ae99

  • SHA512

    17468a5845796ac4afa33ce359ecdfd71801d093db881cc7e81ab3cca9d301640d8ff1426e4e7e13cc81292d209234f247ad1d4b0caf8696caa9e84ce1ef7b2a

  • SSDEEP

    768:JgO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD77aXKynF0v6cYZUJjv:eshfSWHHNvoLqNwDDGwCe6cLJjv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c32e39056619328ad6c89cf91825f910_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c32e39056619328ad6c89cf91825f910_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2812

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    96KB

    MD5

    d5b1ca96fba3192e2bc229622ea995c8

    SHA1

    c4e2fb40a54adb15d3fbdb35469548e7f3e39b69

    SHA256

    40f814b4557c1b659b44fd40bc30f7fbb40a301dcdcd76deae3ca644c8e4d1ed

    SHA512

    04e035e66e346b64f8ae762110c08da9bf8a78ae5e088f69f616547cb13be9427e6e3bfda3b198f4845b11f5bf495b08b6886658cc68d41641ad5c5b1a9d4efc

  • \Windows\system\rundll32.exe

    Filesize

    84KB

    MD5

    28a6769ab83c46e920b49658307aa15d

    SHA1

    4dfd1e8bf0dd344add1148f189bc806e655f9d90

    SHA256

    2216842679dfa902f9245437b59ff4e0b65a4ed111c7c5519fd9a4ee66bebd79

    SHA512

    910521cece916e4ea02d13c1ddf9a9198365f165397fab76b5e27f721cbc50317a41d856ed32bbaa5a4893f6abda9b0b797b5c7c0fd878bc990feb9fbae25881

  • memory/2812-22-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/3012-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/3012-17-0x00000000002E0000-0x00000000002F5000-memory.dmp

    Filesize

    84KB

  • memory/3012-18-0x00000000002E0000-0x00000000002F5000-memory.dmp

    Filesize

    84KB

  • memory/3012-20-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/3012-21-0x00000000002E0000-0x00000000002E2000-memory.dmp

    Filesize

    8KB