Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/05/2024, 10:11

General

  • Target

    c32e39056619328ad6c89cf91825f910_NeikiAnalytics.exe

  • Size

    85KB

  • MD5

    c32e39056619328ad6c89cf91825f910

  • SHA1

    0925c173de0d1193c1e0ca5dabb5a1c9fa625005

  • SHA256

    52019e857c1bee0d4e24eddf51ec4def1142961843a453780d1a7be6c457ae99

  • SHA512

    17468a5845796ac4afa33ce359ecdfd71801d093db881cc7e81ab3cca9d301640d8ff1426e4e7e13cc81292d209234f247ad1d4b0caf8696caa9e84ce1ef7b2a

  • SSDEEP

    768:JgO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD77aXKynF0v6cYZUJjv:eshfSWHHNvoLqNwDDGwCe6cLJjv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c32e39056619328ad6c89cf91825f910_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c32e39056619328ad6c89cf91825f910_NeikiAnalytics.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4708
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2024

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    90KB

    MD5

    1429ef3a5ca69a6fd121aebe238b02d0

    SHA1

    db890bd1942cb04062cdb66a790704b0aa9f257f

    SHA256

    bcb8f2acb14c1fbc5a25cd4ece2a304590c0bd33ed464a2ee669011e09e28aa9

    SHA512

    acdc0f70503f13d6b78fe719650730c4c5a8677a07d2a1181e9294f59909303cc86ad3f80f260a354952cfb9e20a14d6ff9b8d3db15af9f8bd142b15188e54db

  • C:\Windows\System\rundll32.exe

    Filesize

    95KB

    MD5

    e72819a27f78bc62138c92900dcf7b32

    SHA1

    c15ee241d2c692a44438a2d89088edccf34bde01

    SHA256

    55ec2a90244ec54c38232b2f483f55a5961b58b556463e042a08ea666b8d8413

    SHA512

    069b5bd7c787b0df7f0bddd1973c9386a36b5a9d00da2b5141916c37f31320b9388782e0eddfeeb2430efb8500b029c977f4f74a58bd69b6cea04c41567d7ca9

  • memory/2024-14-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/4708-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/4708-13-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB