Overview

overview

7

Static

static

3

e8f58028be...cs.exe

windows7-x64

7

e8f58028be...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    17/05/2024, 10:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e8f58028be8d8782c2d7a332c35b82b0_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    e8f58028be8d8782c2d7a332c35b82b0

  • SHA1

    714b4027afbc0979504bacc00b6c2f06d02e4e8b

  • SHA256

    97924419440cd362085d6178158924620fa78c19b57fe7f6dd6df8f0c2b7ae32

  • SHA512

    9df772c04cc71dc9c599127aa6aa0779e2f6628ef9e36808344d567f647471388503f31ea2923bd2708f34c4583b8175c1f27819c9611f44859bdf9b15eef29a

  • SSDEEP

    1536:1K7ylw2jlA6WBRCJKObnTNBbJ6I4WMJvdDlQDhI5erKT3Fg1:c7H6rbTNSImvplQVIQ0g1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8f58028be8d8782c2d7a332c35b82b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e8f58028be8d8782c2d7a332c35b82b0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:3056
    • C:\Windows\SysWOW64\ouncegoot.exe
      "C:\Windows\SysWOW64\ouncegoot.exe"
      2⤵
      • Executes dropped EXE
      PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\ouncegoot.exe
    Filesize

    70KB

    MD5

    92d95259a01f7f8f1ac763cb97b710c8

    SHA1

    f6948fdea12e9b0f3968c1c433615d5d2d16c0df

    SHA256

    a37a035eff5205a1a379045259667667719eaa9d7268d2f1da8fb39e1d541a24

    SHA512

    0ad9afbb973c1add71776ef28a596a708645cfc787df77eebd19c4ca99cb8412038393b4fc2a4537a927398a16d2ea4ad678da4aae2cc2d3ee24a1d811689924

    Download Submit

  • memory/3056-5-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download