Overview

overview

7

Static

static

3

e14657e026...cs.exe

windows7-x64

7

e14657e026...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 14:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e14657e0267127855ce19582a8a63cd0_NeikiAnalytics.exe

  • Size

    203KB

  • MD5

    e14657e0267127855ce19582a8a63cd0

  • SHA1

    6d5a2bfb20e89b5c0f65c1f77508873766eb86f3

  • SHA256

    d00ce90f9e8b2e8e802a7e87b3acf5f88c907eb579ed77e8f60a7d37f60d5419

  • SHA512

    c6f289c36592edd0095db3fea96160a912ef281764972949edfb75e20b15010948dbb71cf951975b90a4887680304b1bebafb25c96901c9deca31ae2f34db801

  • SSDEEP

    6144:k/cIsdGrifIzVsB96/61fct7pZlxHaubLDG1B78:k/cIsdQifMW7CNZlxHaubG1BA

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e14657e0267127855ce19582a8a63cd0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e14657e0267127855ce19582a8a63cd0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Users\Admin\AppData\Local\Temp\e14657e0267127855ce19582a8a63cd0_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\e14657e0267127855ce19582a8a63cd0_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\e14657e0267127855ce19582a8a63cd0_NeikiAnalytics.exe
    Filesize

    203KB

    MD5

    b76edf574e69c1d02487e9772983d442

    SHA1

    de3fdb3a22d600a234714d4887e2c1b5ea791bd1

    SHA256

    0700f9eb831eb55de5de9d978f06136e003c987773b95da4c9842ce1b1d6622d

    SHA512

    6620d1c209528f74c6d669f64d70d777abc96231c6090140a3a88a362b3777f356e127e521db99247b5a12cf9c097e97fb5bade3606427b6b4f44cd9cfb0823b

    Download Submit

  • memory/1496-11-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1496-16-0x0000000000170000-0x00000000001AF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2812-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2812-9-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2812-8-0x0000000000130000-0x000000000016F000-memory.dmp

    Filesize

    252KB

    Download