fe6db207e456f8b81d2e0fb2d4320b460e5ad37bf464b20fd0df7ea0b57f7da8

Analysis

max time kernel
146s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29266e2f82c49a19a41d0360c99224a0_NeikiAnalytics.exe
Size

65KB
MD5

29266e2f82c49a19a41d0360c99224a0
SHA1

88ca8019b485cde54af9fddab00169e53e59ee6f
SHA256

fe6db207e456f8b81d2e0fb2d4320b460e5ad37bf464b20fd0df7ea0b57f7da8
SHA512

bed94fd6e73b6b900ce47023942780f7a1f443e13eb17711e946c1889bd295cfca71aea121c7814be9acdbc9934f845a4c030b1c463943d6b88e2faf4ca8c257
SSDEEP

768:0o5JIvFKPZo2sFEasjcj29NWngAHxcw9ppEaxglaX5uAj4:vvIvEPZoZEad29NQgA2wQle5M

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4160	ewiuer2.exe
2588	ewiuer2.exe
3396	ewiuer2.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3724 wrote to memory of 4160	3724	29266e2f82c49a19a41d0360c99224a0_NeikiAnalytics.exe	83
PID 3724 wrote to memory of 4160	3724	29266e2f82c49a19a41d0360c99224a0_NeikiAnalytics.exe	83
PID 3724 wrote to memory of 4160	3724	29266e2f82c49a19a41d0360c99224a0_NeikiAnalytics.exe	83
PID 4160 wrote to memory of 2588	4160	ewiuer2.exe	99
PID 4160 wrote to memory of 2588	4160	ewiuer2.exe	99
PID 4160 wrote to memory of 2588	4160	ewiuer2.exe	99
PID 2588 wrote to memory of 3396	2588	ewiuer2.exe	107
PID 2588 wrote to memory of 3396	2588	ewiuer2.exe	107
PID 2588 wrote to memory of 3396	2588	ewiuer2.exe	107

C:\Users\Admin\AppData\Local\Temp\29266e2f82c49a19a41d0360c99224a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\29266e2f82c49a19a41d0360c99224a0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3724
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4160
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Windows\SysWOW64\ewiuer2.exe
      C:\Windows\SysWOW64\ewiuer2.exe /nomove
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      PID:3396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
9da7f908d70bd1d130d5bb45f9212c3f

SHA1
51c12295b6394a8d87655bd552c07469275c32e3

SHA256
5aa90c948803895ef8ddbdd2891b374f7b02e304a4ba3fc3e7945413d7d2b840

SHA512
614ade69b01e2e0907c6eae6283cafaab9b87db48735830141a4f6f1260f5e03d82ec75a4185c1e9cd11f163220d9c85a60f85eaa4a9fa90bf689809cadb6b80

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
d1cd16ea7158ba8564a68ea9ad602153

SHA1
2a928acb979278fac7a1cf0b9432ca85a8ed64f7

SHA256
0d4c5ab7369dbbd952ea2a69dbd5a66e21133d7819ea440ae600424f76642b39

SHA512
72b2a2792f5850ae71f9a224fed1d66ce716978324e97dd9aac51d9f6341411230abe7d32333a050dae37c3ac0b27ff5bc511b088c57303dafaefd9b1b9b9d28

Download Submit
memory/2588-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2588-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2588-16-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3396-17-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3396-18-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3724-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3724-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4160-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4160-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4160-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads