Overview

overview

7

Static

static

3

6623ce46b0...cs.exe

windows7-x64

3

6623ce46b0...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 00:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6623ce46b0b07f8ad17cbc3cba098160_NeikiAnalytics.exe

  • Size

    464KB

  • MD5

    6623ce46b0b07f8ad17cbc3cba098160

  • SHA1

    9ad2e8e59fbaad77ee22ca5886006a71f67ae085

  • SHA256

    7e068d0b8898141ff978e466bff5781a6af316c7b53c312078678eedd17d9e26

  • SHA512

    2d0d43265accf7684dd5a5c5ca50be67f5a2844e42d96201559cd5610a37ac5a2671972a9dc042ee4c0fc1748c1753a3b6c3fabe70414ce37be44a8fc83b2175

  • SSDEEP

    6144:+x6iVRLGDZLdHbTLvSAuYC27NkoTD/Eyf/To1ysI5uw7+WJz6lyqp3U+iyPmyQCf:8F6v73qbL2vnTowJ6Vh+yPQjrfcFT

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6623ce46b0b07f8ad17cbc3cba098160_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6623ce46b0b07f8ad17cbc3cba098160_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.cbsupermarket.com/society & culture/philosophy & religion/god-life-chapter-book.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2280
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3008

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          01ceb6238169e437de37e8c37453b08d

          SHA1

          ae6ad85afd5436bbbf592f9c853f85d7708a27b8

          SHA256

          e7590ed94a494f41ba7ebba1cbfdd002b429f649b5ad0b63b55ce98265e05caf

          SHA512

          04973616931a58d89eebb68b19ebd524c4c4d0df0d8eb94e490e98e8b7f9cb7ee05616856f695c831cfa05bbf2bf8a98070f47cd90194f365baf07212c0a04d4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2831d1b28ccc17c202ac8e244777e6f3

          SHA1

          b9816797dff020ac58b1e139210da711ce344e79

          SHA256

          9d9c3837c0817ea11eec104ab41e14805b9662db9ec6a9ca57ff7de0734f3cf1

          SHA512

          e0ac3c4cdb1ae51d24c169fbc891fc2e55003003c0f38cfef54d8f133de25a44366695b83322a45f54494e74e4395f7720e9a02b1e21336cd2712d4870775e36

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ec045fc3176f4ddcedc4ab05a7b879d2

          SHA1

          9854ccf1034ca0c4249bf2963885c383ed4ee4f7

          SHA256

          8c1c7e47df6aa2686938e4af855f27bf09b90219f01643b08cf9a95704ed5e5d

          SHA512

          f59be82f7497eadd72f1ee9717614595cf98687423bf64da616766f1210273fa0557c6568c7d2b502ac0a972f09ce2527a4735f3c096597eb129936039a9022c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8b77293e320cb9bac2b3138c88ddcbec

          SHA1

          7e7a7d770fb463aab7a0fed9f22831ad17ee73aa

          SHA256

          8ae0846b44e12b4404a59b961c54ae0b6316a7e1d7ae610d52762bbc796febf3

          SHA512

          3885872bb5bef1826ab3dc114ca05af4011d26f231721deb9cb7754f120d872f275d8a4e9bf5f7e9a21c55ade7d3eacfc6afd994b059faa477dd3c1d6089def0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          adb7dd3171ad0bec877c216fb54bb812

          SHA1

          7b60382ab649436184412d6662b8e849dd6fe401

          SHA256

          bade5844ea0a54a46777c7ec03bf624ffb37443bf0b33a82b37ad76d9ec5b793

          SHA512

          8218449bd0ae805c32d74e511bed8e1fd11f40316ea34d8acc66357e4c5b7714009cdb415bbf233f1677de1e8f05fd7fdadfa1b32d97e44afd9329e2e687f048

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          247e011368031f54f78abca2f6454bf0

          SHA1

          8021e9fc2a2cf6cac644e58bfe03c428281cc23a

          SHA256

          b4a853aeb1805b5db0e3653638e806a1d3439325d20ba93ee4a2409e27c26b66

          SHA512

          820df40f7922a79c44c4d003bfabcecd29acce3fdf51fe0f56782c390b15dfe7f229b6d11d4c5263a27b7ef4dad05b52cc78b26375646a2dc8660213de1e970c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4b48984364aab713e4f7318675f1b9fe

          SHA1

          55aebe9c93edd7a06373d958db24a1c2fdbad0cc

          SHA256

          f170f54123bc8a67f14619ddfbc017102c1c3b36aee23298f9398d2c5a27653c

          SHA512

          ed71d20660cf5f3da968f832b58f70a779c48fb80595f051bf51618d1ecd754aa435b34479b2169703703997ed485f82e27887a38c9935a5f5c47f690e0fdd45

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          afb0e56fd7f5d10d1ea95ac2bc8608e7

          SHA1

          909f3721adfdd7ee30931830bde2b36245a29db5

          SHA256

          8d3a04f2da55e03380d39ddddff832331e268a716c4c7ff2c04d959a4f0fbedb

          SHA512

          cf75c61952cf25af8c7fc30cb6bbef0ba37a059862af476747d2eec01740934c02e4e598eae27ea656c8358927877806017d5cbe136f40b7e6de0d1941d386d9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          725e8c0ef5d152bdc6b5f9517350c5d8

          SHA1

          4d02c155e53ed615a8265187a68d0c54ddb772cc

          SHA256

          88505cc70734689f67d7e4d007f9638e0c81ca1dfa8a246ecde3f1f5f2f6db1b

          SHA512

          f27d3d4803d4c72b873f2a9fe5623795f1c696881f548da0a9d38ff10613ffdca06d2adf7950c4f9a46e62f0217cde8fc230239ca827c27dcae8e724b5c33dac

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab3DFB.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar3F1D.tmp
          Filesize

          177KB

          MD5

          435a9ac180383f9fa094131b173a2f7b

          SHA1

          76944ea657a9db94f9a4bef38f88c46ed4166983

          SHA256

          67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

          SHA512

          1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

          Download Submit

        • memory/2872-3-0x0000000000400000-0x000000000047A000-memory.dmp

          Filesize

          488KB

          Download

        • memory/2872-0-0x00000000003A0000-0x00000000003A1000-memory.dmp

          Filesize

          4KB

          Download