Overview

overview

7

Static

static

3

dfcb801ba7...cs.exe

windows7-x64

7

dfcb801ba7...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/05/2024, 13:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dfcb801ba7438d1c2cac94579eb0ddd0_NeikiAnalytics.exe

  • Size

    223KB

  • MD5

    dfcb801ba7438d1c2cac94579eb0ddd0

  • SHA1

    2fd3a40f5b88fc77efdf7ea6c381d7e55c05817a

  • SHA256

    7a12a10bf437bb48e298987ec7d2d0aaaec509da1893185d434f44906ed13128

  • SHA512

    af2a7ed2f04149333a412e1f449856cd09fd7146e6cf0554df4ddb389ff65e4c347a87753593deb962d52cbd67c33024fdea864aa1de5c437cccadbe964cc75d

  • SSDEEP

    3072:kHW4C4ZAZk6AMVOj/mKMV8Ciu1pWYTYxH3L+EHQCZLPhsX9pn4:zPJsgx9MK2HbdZbq9pn

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dfcb801ba7438d1c2cac94579eb0ddd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\dfcb801ba7438d1c2cac94579eb0ddd0_NeikiAnalytics.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:584
    • C:\Intel\WMIC.exe
      C:\Intel\WMIC.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4204
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3888,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:8
    1⤵
      PID:3624

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Intel\WMIC.exe
            Filesize

            223KB

            MD5

            4eec4526a15d41874df893ffae911202

            SHA1

            0ca2b22afd6e15848413ed7160f1b31470fbad30

            SHA256

            367ae983e72d12af90e82878e59de16be881aa79adb71874b1bd8a2cf3283daf

            SHA512

            6eae99c5de10bf725a85bffc33a59b67e4df38c26349ca0a794e29261b8e7428170fa174a142315eb7c678992cce5ae8b92557af21eb45e965cd32cfdbdcdfbb

            Download Submit

          • C:\Intel\tmp-0.bin
            Filesize

            8KB

            MD5

            52fe4232bda48a60278960fa801a6586

            SHA1

            b169df7820aa3be52a4626a4e9ad9229f12faa58

            SHA256

            d1d1eebbf8cebfe88c5fce3e878bf31b567efbbf003187c1b3c4da2d1f37635d

            SHA512

            14a034d7d9bbf907cb5de9eaf55bd4eab03fd0f66364518174ba698e91255a0867371c068d44b2c9dbb705ce9f8d3d456b7651f1d96b83cccbfe5251e624bef9

            Download Submit