4906957ac9a1f55a1a033f7d6064a6cd18007ab59262f0999fd22958ab654dd3

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 08:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d816600d833dcce24f9bd9783e934170_NeikiAnalytics.exe
Size

27KB
MD5

d816600d833dcce24f9bd9783e934170
SHA1

8455ae8bbf722419127cda9cba143ecc179be0d0
SHA256

4906957ac9a1f55a1a033f7d6064a6cd18007ab59262f0999fd22958ab654dd3
SHA512

149fd57df238a33b2a7e38343ddc6e6638f4b1262033aa166a5625c53a0de87bad018604c9bfda4e27b841f203f96274c1b8925c230f3e865c4cf7c0eea74c4e
SSDEEP

384:Ih6KFEfaW4PeBkx0fc9t5rx/seYHuT5M+FyFm69DZV5kYDtNE/vb:4GiWRkx0fc9tT0eYiFyFm69D9kYRNY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1912	lsase.exe

Loads dropped DLL 1 IoCs

pid	Process
2008	d816600d833dcce24f9bd9783e934170_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1912	2008	d816600d833dcce24f9bd9783e934170_NeikiAnalytics.exe	28
PID 2008 wrote to memory of 1912	2008	d816600d833dcce24f9bd9783e934170_NeikiAnalytics.exe	28
PID 2008 wrote to memory of 1912	2008	d816600d833dcce24f9bd9783e934170_NeikiAnalytics.exe	28
PID 2008 wrote to memory of 1912	2008	d816600d833dcce24f9bd9783e934170_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\d816600d833dcce24f9bd9783e934170_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\d816600d833dcce24f9bd9783e934170_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\lsase.exe
  "C:\Users\Admin\AppData\Local\Temp\lsase.exe"
  2⤵
  - Executes dropped EXE
  PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\lsase.exe

Filesize
28KB

MD5
183e99fff249b6cec1c403e614a5013c

SHA1
038f611ab2832cd269ce77cbd4f6f951077d986f

SHA256
bf0fdc785cb7966a66940d3da1ae7bfc442a63d3ed5a2af2d62219932d03b5f7

SHA512
1c7c79ed5b780fce1220d0aea3d3622a445407a280a967f1c30e6683228c4bb775b5d2487d53b79a84cea4e86b2f1e84fd9299ff15e9c6cfcacedcdbf12e43f2

Download Submit
memory/1912-8-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2008-1-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download