Overview

overview

7

Static

static

3

d3fd6844dd...cs.exe

windows7-x64

7

d3fd6844dd...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    17/05/2024, 07:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    d3fd6844dd8f1105559e6e01980a27e0

  • SHA1

    34103f02ab37bed0a8135cb1178069e905b161c3

  • SHA256

    81b59c92fe876fc1363ec344e724a4e4e360509ce68baed64e5bc946077a897d

  • SHA512

    d26e0bed403927fd7d7bb4508e84170c4a3b9cd5d34931e6b14f5659a29b4423f68aa5f2c408e460dc971a7f3bcab0d20a9cba2de8c62d0e6f1d7d21c267c3d2

  • SSDEEP

    1536:hb3MNVP/sgA2JK5QPqfhVWbdsmA+RjPFLC+e5h+0ZGUGf2g:h+JkkNPqfcxA+HFsh+Og

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d3fd6844dd8f1105559e6e01980a27e0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c $TMP!10@.COM
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2260
      • C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM
        $TMP!10@.COM
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2272
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c 00.exe
          4⤵
            PID:2392

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM
      Filesize

      73KB

      MD5

      8d4d2472e3a63e07a1adfd8b7e65a32f

      SHA1

      abc00206672c98601e8bd8ad93cb163b60e1160b

      SHA256

      7b342e542582c18eef6da3ea31f79284f5d5c7c0148be0841e6b06ca21e38af7

      SHA512

      dc4b3bc86757fe23431793b097d6a7cd0a10fccd10f6c11e567a8446e2d804490787081945f140ee8b769f54a66d92d8737788c015ec31d799f076ecf59c0f99

      Download Submit

    • memory/2164-11-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    • memory/2272-10-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.