Overview

overview

7

Static

static

3

d53d6861b6...cs.exe

windows7-x64

7

d53d6861b6...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    15/05/2024, 13:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d53d6861b69ab5b9b5cd3a979134e870_NeikiAnalytics.exe

  • Size

    218KB

  • MD5

    d53d6861b69ab5b9b5cd3a979134e870

  • SHA1

    b2b4715b6950ed44e7e261d4b71fa981a7e24842

  • SHA256

    cefb83b6301edc6c2e7bfb7269e41dcb40bd842b4371eb0c322e44e938d6a9b0

  • SHA512

    4a9f01df2c6e5e55dd5cec914de380614dae574435d15dc766a5a2b680c1b8f4b3f4d190deae12a97a7f293f0ed21536379a1b1843803fa27ff50bc6c73fd53f

  • SSDEEP

    6144:TkI2qan24W5Hhw6m2voc/9kKGdcx8VOMF2k/Jrl:ahLK9kSxUOMF2qJrl

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d53d6861b69ab5b9b5cd3a979134e870_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d53d6861b69ab5b9b5cd3a979134e870_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Users\Admin\AppData\Local\Temp\d53d6861b69ab5b9b5cd3a979134e870_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\d53d6861b69ab5b9b5cd3a979134e870_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1672

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\d53d6861b69ab5b9b5cd3a979134e870_NeikiAnalytics.exe
          Filesize

          218KB

          MD5

          1e44a67cb1b017cfe2f8784cc451b2d0

          SHA1

          c3f2060d51686321593e482bda33e0a8dc452912

          SHA256

          872261acfb42ecce124cd48daef5e140df476e00fd112956f161dee2a93275c6

          SHA512

          b70de9912ff201a005729d8863f60b272fcff1922c2ef7a95fc14f736a9a2c08704da3e934c1d5836b0a1026cb13ba52bde79f3abbe19a56e6d4d5a8611fffc9

          Download Submit

        • memory/1640-0-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download

        • memory/1640-6-0x0000000001450000-0x0000000001493000-memory.dmp

          Filesize

          268KB

          Download

        • memory/1640-10-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download

        • memory/1672-11-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download

        • memory/1672-12-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/1672-17-0x00000000002E0000-0x0000000000323000-memory.dmp

          Filesize

          268KB

          Download

        • memory/1672-18-0x0000000000400000-0x0000000000443000-memory.dmp

          Filesize

          268KB

          Download