Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-05-2024 11:31

General

  • Target
    dcbca8277341b00dac3599b06b67ca20_NeikiAnalytics.exe
  • Size
    131KB
  • MD5
    dcbca8277341b00dac3599b06b67ca20
  • SHA1
    d7089c4fe9646850c554b806e251bfafd28a264e
  • SHA256
    082ff2d6dbbdaeb8fa6b96f0d0be87daf8f28a709d8e90fb204a3a4138e792fc
  • SHA512
    a795b5ff11cacb411e5164ac2bc0c2aac53c67875ed81e8dad71688d8c8d55f806707fcb3284ab1d1be61883ead3b329cda62a7ef71cf7a989b41bc8859dfc3c
  • SSDEEP
    3072:88VVMCh33UW0BoHA6NQuO8flJWbI1G9UKqCcrdLB3oKdGCH:5IC33BOev/39I

Score
7/10

Malware Config

Signatures

  • ASPack v2.12-2.42 (2 IoCs)
    Detects executables packed with ASPack v2.12-2.42
  • Executes dropped EXE (1 IoCs)
  • Loads dropped DLL (2 IoCs)
  • Drops file in Program Files directory (64 IoCs)
  • Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcbca8277341b00dac3599b06b67ca20_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dcbca8277341b00dac3599b06b67ca20_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Users\Admin\AppData\Local\Temp\BNyMUH.exe
      C:\Users\Admin\AppData\Local\Temp\BNyMUH.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\13121d83.bat" "
        3⤵
        PID:2676

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\k2[1].rar
    Filesize: 4B
    MD5: d3b07384d113edec49eaa6238ad5ff00
    SHA1: f1d2d2f924e986ac86fdf7b36c94bcdf32beec15
    SHA256: b5bb9d8014a0f9b1d61e21e796d78dccdf1352f23cd32812f4850b878ae4944c
    SHA512: 0cf9180a764aba863a67b6d72f0918bc131c6772642cb2dce5a34f0a702f9470ddc2bf125c12198b1995c233c34b4afd346c54a2334c350a948a51b6e8b4e6b6

  • C:\Users\Admin\AppData\Local\Temp\13121d83.bat
    Filesize: 187B
    MD5: 8ec61506c804c7f274b93f998bf202ee
    SHA1: b2c491c667c44bad14859a29cafc199c9219ec93
    SHA256: 63a2963eb58734c8c0e2e4d8c4ef3391e3d3f65e7965069056ff6c8e40d257fd
    SHA512: 1775ac5e288ec15a1a8d4d9f7e7c23764c84c2fb9ec57b2fd5c252fefe098e2ce73a6363af0f1f68caad375194dac204979f2b261b08b75d01d27a431997257d

  • \Users\Admin\AppData\Local\Temp\BNyMUH.exe
    Filesize: 15KB
    MD5: 56b2c3810dba2e939a8bb9fa36d3cf96
    SHA1: 99ee31cd4b0d6a4b62779da36e0eeecdd80589fc
    SHA256: 4354970ccc7cd6bb16318f132c34f6a1b3d5c2ea7ff53e1c9271905527f2db07
    SHA512: 27812a9a034d7bd2ca73b337ae9e0b6dc79c38cfd1a2c6ac9d125d3cc8fa563c401a40d22155811d5054e5baa8cf8c8e7e03925f25fa856a9ba9dea708d15b4e

  • memory/1728-0-0x0000000001090000-0x00000000010B5000-memory.dmp
    Filesize: 148KB

  • memory/1728-4-0x00000000003D0000-0x00000000003D9000-memory.dmp
    Filesize: 36KB

  • memory/1728-10-0x00000000003D0000-0x00000000003D9000-memory.dmp
    Filesize: 36KB

  • memory/1728-14-0x0000000001090000-0x00000000010B5000-memory.dmp
    Filesize: 148KB

  • memory/2864-11-0x00000000003D0000-0x00000000003D9000-memory.dmp
    Filesize: 36KB

  • memory/2864-36-0x00000000003D0000-0x00000000003D9000-memory.dmp
    Filesize: 36KB