99fd386b4932225bcaa83c5fe0e9c6c1241ba6841f9fccc302a1ef97b030b331

General

Target

d404ad5c425befad835e717bc232f160_NeikiAnalytics.exe
Size

61KB
MD5

d404ad5c425befad835e717bc232f160
SHA1

80aa41906bc40551a79beaa103a9fca73f58a040
SHA256

99fd386b4932225bcaa83c5fe0e9c6c1241ba6841f9fccc302a1ef97b030b331
SHA512

c25695dc21cf8af79314dfe2121eb0eece0aecf9a956448c66c087421f99eec18cc825de9bead2dcf14341aeb906d41ec1052779dc1e91c9949cd8a4e34f106f
SSDEEP

768:TNeJIvFKPZo2smEasjcj29NWngAHxcwKppEaxglaX5uA:TNQIvEPZo6Ead29NQgA2wzle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
4160	ewiuer2.exe
4184	ewiuer2.exe
780	ewiuer2.exe
4568	ewiuer2.exe
1236	ewiuer2.exe
1500	ewiuer2.exe
3464	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 4160	1468	d404ad5c425befad835e717bc232f160_NeikiAnalytics.exe	83
PID 1468 wrote to memory of 4160	1468	d404ad5c425befad835e717bc232f160_NeikiAnalytics.exe	83
PID 1468 wrote to memory of 4160	1468	d404ad5c425befad835e717bc232f160_NeikiAnalytics.exe	83
PID 4160 wrote to memory of 4184	4160	ewiuer2.exe	99
PID 4160 wrote to memory of 4184	4160	ewiuer2.exe	99
PID 4160 wrote to memory of 4184	4160	ewiuer2.exe	99
PID 4184 wrote to memory of 780	4184	ewiuer2.exe	100
PID 4184 wrote to memory of 780	4184	ewiuer2.exe	100
PID 4184 wrote to memory of 780	4184	ewiuer2.exe	100
PID 780 wrote to memory of 4568	780	ewiuer2.exe	102
PID 780 wrote to memory of 4568	780	ewiuer2.exe	102
PID 780 wrote to memory of 4568	780	ewiuer2.exe	102
PID 4568 wrote to memory of 1236	4568	ewiuer2.exe	103
PID 4568 wrote to memory of 1236	4568	ewiuer2.exe	103
PID 4568 wrote to memory of 1236	4568	ewiuer2.exe	103
PID 1236 wrote to memory of 1500	1236	ewiuer2.exe	106
PID 1236 wrote to memory of 1500	1236	ewiuer2.exe	106
PID 1236 wrote to memory of 1500	1236	ewiuer2.exe	106
PID 1500 wrote to memory of 3464	1500	ewiuer2.exe	107
PID 1500 wrote to memory of 3464	1500	ewiuer2.exe	107
PID 1500 wrote to memory of 3464	1500	ewiuer2.exe	107

C:\Users\Admin\AppData\Local\Temp\d404ad5c425befad835e717bc232f160_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d404ad5c425befad835e717bc232f160_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4160
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4184
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:780
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4568
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1236
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1500
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:3464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
cee27b5b9997d877f4013573880e5f82

SHA1
c38775414fe7ff3b7437e8a05b400fbbb63033f7

SHA256
f71dbbe8db367cd3b7e8c3cdf38d5cb2b0eab945a2b5760713ceb69101dd53ae

SHA512
ae7721db65735855d4e031f3f00a74b522a32f59c620d3fdc587af8a436fbb2f41445c6332a8e662455f67e2214edcc20c773a472df109210c5044e5f8c6deea

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
ab37a8ca9582621e6383959637f7e9fc

SHA1
b852fdb620281f6f5068fa55ea3329c3db1427a3

SHA256
08a0ddf86a3aa1ccb70af52baf3944aebad393055aecde1d459321ad1b1ee3d6

SHA512
10121be098b300de86f1f13a366ceb54797a651aee771f2ea1cf4038438d1fda94bfde80088434113ec863901f997b97ed50e0a32343c4ee7c96f59b86b1cd7b

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
b3b368b12312ad516119af140cceb56d

SHA1
7b9aacb2db4b43883a1ca4b696416a295fe8aa6f

SHA256
06957d089ad6493b53fb65b6db9c6c1c3f48c6559dc43d4ae7c70c1b5d485c3e

SHA512
00f834f1c35fef9afe24d69da4701224c2fb51913f19fa9932c8b03c1fb4f59e41c842440cd63b1adfef0eca4d77a72ea23099e231eb68a638cb352b5683373e

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
4b0999b9c930add041415df3321bd074

SHA1
d1e9eaccf21ff7ea6a6742f2849ca110e0f0212d

SHA256
b5e376ece7baea1a499356c71bceb3449803221ef8daf70e0c1ae14f960b1645

SHA512
7b9349e58252849c254d09b925c57a4979f18bf40e72bf5a041012310d4074dca6d8b9302d02c34f9e2c04358e2434a9a3bb7098a4f58e060eb1d2a1dd3f6f36

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
0879689ed915e930d615983be76062fc

SHA1
48efd5c0be2ef6ce757c6ca69f88dccad87cbae5

SHA256
657935ddf905f42acee8f6550ccab52aa427118746089d9626a411a53c2da17a

SHA512
d3cfd3ee02c8f40ccfe31bc73d2142934cdff45d5d6daeccb63ee6b761378ffafa56b63e1553a84265f86cb54cebe5129ff86f8577d411fea6135c490c30ff9c

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
7bb580f201f4ea78ce34119c70589d82

SHA1
ab69eba0de12b91a562aa7604ed8b59223c20c05

SHA256
e9aa34d5366a52884447bf94acb889358ed70e54142de623888e41b065ac5059

SHA512
41c8a242774bd033e5b0b1741eaf3b7cab4ba5a083062e4543fa0d0254520a24a956501e4cd7b280513377521b07a85510ee86c1f3da3809457f9b993e692770

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
57c49a68953bf5828ed04f2632bdbb6d

SHA1
75bdbe9cd73fba472b63d0d8fca3121c161ee3cf

SHA256
a7be159951c8b4fc576e1fdc7236d9476e05328bb4bbd090a2437c454b61aa13

SHA512
2a6f9b170429b22dc75250ed0604b0b8f08a95189180fe4415243692c0bd8fd6448a3e750c0f90a1cb24612b067c7bf5432b158ce4a34b6c8875182384c1db6e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads