Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-05-2024 11:05

General

  • Target

    cd73e3a960a03c595519b6f5eeee1960_NeikiAnalytics.exe

  • Size

    20KB

  • MD5

    cd73e3a960a03c595519b6f5eeee1960

  • SHA1

    fbc6ed97c242cb237ac3ea27bebff3695f74a376

  • SHA256

    8c4e9ae503c92c0f0ea9510c00865f87d98e7d627ff3249a8fd944d377fe2395

  • SHA512

    d56f3e42bf641a2cfccd4adfca4bc3bfa51a6598410227059ed46a01caad6ead7c17e3e5c1e318c5651b35909e217c5eab752225f7df3e9ec68d0e1ca444ddb1

  • SSDEEP

    384:bx0C0xqjI6GQGkt1+NMxtMZ/P1UjNrK8m3z2whTQ:2CAqjWQHf+7Z/PqjFK1j

Score
10/10

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader, also tracked as DBatLoader, is a Delphi-written loader that abuses cloud file-hosting services to download payloads belonging to other malware families.

  • ModiLoader Second Stage 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1196
      • C:\Users\Admin\AppData\Local\Temp\cd73e3a960a03c595519b6f5eeee1960_NeikiAnalytics.exe
        "C:\Users\Admin\AppData\Local\Temp\cd73e3a960a03c595519b6f5eeee1960_NeikiAnalytics.exe"
        2⤵
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:2876

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1196-0-0x0000000002E10000-0x0000000002E11000-memory.dmp
    Filesize

    4KB

  • memory/2876-3-0x0000000010000000-0x000000001000C000-memory.dmp
    Filesize

    48KB
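As an added worked example (not part of the report above and not the sandbox's own tooling), the script below parses the two memory-dump entries and the process tree from this page, checks that each dump's address range agrees with the listed Filesize, and attributes each region to a PID and image. The reading of the dump name as memory/<pid>-<index>-<start>-<end>-memory.dmp is inferred from the two names listed above; the "cross-process region" and "default DLL base" flags are heuristics added here for triage, not findings stated by the report.

```python
"""Triage helper for sandbox memory-dump entries.

Added example; not from the original report. Inputs are copied from the
report above (process tree PIDs and the two Downloads entries). The dump
naming convention is inferred from those entries; the flags raised in
parse_dump() are analyst heuristics, not report findings.
"""
import re
from dataclasses import dataclass, field

# Process tree from the report: PID -> image path
PROCESSES = {
    1196: r"C:\Windows\Explorer.EXE",
    2876: r"C:\Users\Admin\AppData\Local\Temp\cd73e3a960a03c595519b6f5eeee1960_NeikiAnalytics.exe",
}
SAMPLE_PID = 2876  # PID of the submitted sample in this run

# Dump entries exactly as listed under "Downloads": (file name, reported size)
DUMPS = [
    ("memory/1196-0-0x0000000002E10000-0x0000000002E11000-memory.dmp", "4KB"),
    ("memory/2876-3-0x0000000010000000-0x000000001000C000-memory.dmp", "48KB"),
]

# Inferred naming scheme: memory/<pid>-<index>-<start>-<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Historical default ImageBase for DLLs built with the MSVC linker. A region
# dumped at exactly this address usually holds a mapped module rather than
# a heap or stack allocation (heuristic, not a report finding).
DLL_DEFAULT_BASE = 0x10000000
PAGE = 0x1000


@dataclass
class Region:
    pid: int
    index: int
    start: int
    end: int
    image: str
    size: int
    size_ok: bool
    notes: list = field(default_factory=list)


def parse_size(text):
    """Turn the report's '4KB' / '48KB' strings into a byte count."""
    m = re.fullmatch(r"(\d+)\s*KB", text.strip())
    if not m:
        raise ValueError(f"unrecognised size string: {text!r}")
    return int(m.group(1)) * 1024


def parse_dump(name, reported_size, sample_pid=SAMPLE_PID, processes=PROCESSES):
    """Parse one Downloads entry and attach triage notes."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, idx = int(m["pid"]), int(m["idx"])
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    size = end - start
    notes = []
    if pid != sample_pid:
        # A dump taken from a process other than the sample is worth reading
        # alongside the WriteProcessMemory signature hits; the report does
        # not itself say what wrote it.
        notes.append(f"region lives in PID {pid} ({processes.get(pid, '?')}), "
                     f"not in the sample")
    if start == DLL_DEFAULT_BASE:
        notes.append("base 0x10000000: default DLL ImageBase, candidate mapped "
                     "module / second stage")
    if start % PAGE or end % PAGE:
        notes.append("range is not page aligned")
    return Region(pid, idx, start, end, processes.get(pid, "?"), size,
                  size == parse_size(reported_size), notes)


def triage_dumps(dumps=DUMPS):
    """Parse every listed dump; returns a list of Region records."""
    return [parse_dump(name, size) for name, size in dumps]


if __name__ == "__main__":
    for r in triage_dumps():
        status = "ok" if r.size_ok else "MISMATCH"
        print(f"PID {r.pid:<5} {r.image}")
        print(f"  0x{r.start:016X}-0x{r.end:016X}  {r.size} bytes  size check: {status}")
        for n in r.notes:
            print(f"  - {n}")
```

Both ranges check out against the listed sizes (0x1000 = 4KB in Explorer.EXE, 0xC000 = 48KB in the sample). The second region sits at the default DLL base, which is the natural place to look for the "ModiLoader Second Stage" hit when you open the dump; the first is the one to correlate with the WriteProcessMemory signature, since it was captured from the parent process rather than from the sample.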