Overview

overview

7

Static

static

3

d83288937e...cs.exe

windows7-x64

7

d83288937e...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    15/05/2024, 15:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d83288937eb6ff204a5b73c09c7cded0_NeikiAnalytics.exe

  • Size

    6.0MB

  • MD5

    d83288937eb6ff204a5b73c09c7cded0

  • SHA1

    4f817ca1feaee6a384ec2de7e444e4826f1b639b

  • SHA256

    8ab891fbdf2a2ae4754bd50342e4f91b6bf2153c5c83bb3b5f37f47d631a516c

  • SHA512

    70dd0738de9b1fcaa61d4ca4166187de1da60649d0dc5291415f7ba108f9e3ce858390234ccbfbd20ca58314095b3105c5952deb01a52beaba29f28657bfd0c2

  • SSDEEP

    98304:emhd1UryevoaiICbHZYK+V7wQqZUha5jtSyZIUS:elPPiFLZYK+2QbaZtlir

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d83288937eb6ff204a5b73c09c7cded0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d83288937eb6ff204a5b73c09c7cded0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2284
    • C:\Users\Admin\AppData\Local\Temp\B08.tmp
      "C:\Users\Admin\AppData\Local\Temp\B08.tmp" --splashC:\Users\Admin\AppData\Local\Temp\d83288937eb6ff204a5b73c09c7cded0_NeikiAnalytics.exe EF87A0CC82D022A851B7E1ED74D4F5B1458D5EF1CA6F687F1A94FFFE7A9DF529E77445BA31B826365A944D3F9C82D5502AA97ADEE2D9CE1B98F02B073BC9F27C
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1952

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\B08.tmp
          Filesize

          6.0MB

          MD5

          2c01a1e3a043018055c0d680fcd6f721

          SHA1

          f641936211de7c17b95f8bc23fea9e90f6ec71db

          SHA256

          9e8386a58eb3dd485842e4f0c4dda9b1cc0f74739863274cfa2db48e3909aa42

          SHA512

          beb38fa4ebcbba1b2c6386a30ea5719850f53328092785b44c3c2c14db759fd828605ab92d7881c441b829c8b6de1de325beb223aa7f668f7c6b1cf4c94534ff

          Download Submit

        • memory/1952-9-0x0000000000400000-0x0000000000849000-memory.dmp

          Filesize

          4.3MB

          Download

        • memory/2284-0-0x0000000000400000-0x0000000000849000-memory.dmp

          Filesize

          4.3MB

          Download