Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/05/2024, 05:07

General

  • Target
    b001add0297e5e8a567ed9db70465990_NeikiAnalytics.exe
  • Size
    87KB
  • MD5
    b001add0297e5e8a567ed9db70465990
  • SHA1
    91af432f50168635a22a9751b313a2f3e67c0528
  • SHA256
    9420c83e21540f8e693a54068f4f4842e54aed76329df115efaa6d1fe2ce1c0d
  • SHA512
    97bd208ec20086ad680a254fc47d25bdf1d231e57690dcd0ba898d9f0dde4e660df33171931c7309d3153f0ad119399703fa95b1728eb09220ba2b3ef13b7114
  • SSDEEP
    768:JgO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD77aXKynF0v6cYZUs5JWA:eshfSWHHNvoLqNwDDGwCe6cLs5JWA

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b001add0297e5e8a567ed9db70465990_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\b001add0297e5e8a567ed9db70465990_NeikiAnalytics.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:904
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:5096

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize
    94KB
    MD5
    8ee3021c2531405a2e26dea7c7beb0e1
    SHA1
    b689a32b863510c42cc7f45bc34e4c5c4abf0c4a
    SHA256
    8b5736e1270d89fbfb419079baf95876c4fb5b83745f8ebd29a21cd84029b773
    SHA512
    d62e7b43b2c3016d50abd8823110ce68603de24a947dce0b19db62a9bc338852f78f0393a4b9f032e2577aa983f85b04c4fe50d2d110dd44018b580199247b21

  • C:\Windows\System\rundll32.exe
    Filesize
    94KB
    MD5
    58ba89d266fadb919d152adb09db0cfd
    SHA1
    8e09c763dbe60eea5f3586abd941c2e2df84ab5c
    SHA256
    e8da184bdb364b8632aa1612e2f2ef7712d66d8ac385650f946ea984fb2208b9
    SHA512
    5d5e33754805e0fd64f765a7ee415a76f6cc4690ab54a05d0faa42f76f26efc4d2f7873121e8a3933bc831bf9c04c5ab805a3fe533062fdaae06a66f7c6e3a01

  • memory/904-0-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize
    84KB

  • memory/904-13-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize
    84KB

  • memory/5096-14-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize
    84KB