Analysis
-
max time kernel
141s
-
max time network
144s
-
platform
windows7_x64
-
resource
win7-20240508-en
-
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
-
submitted
18-05-2024 20:19
Static task
static1
Behavioral task
behavioral1
Sample
448662cd10bb48f400e175b96cb5ac50_NeikiAnalytics.dll
Resource
win7-20240508-en
General
-
Target
448662cd10bb48f400e175b96cb5ac50_NeikiAnalytics.dll
-
Size
601KB
-
MD5
448662cd10bb48f400e175b96cb5ac50
-
SHA1
0ba9bac8e4e33fd573afb91bb53baecceef08985
-
SHA256
70545df36dee095e192922202370d5feb425db987c0a0db41dcd9d449881b446
-
SHA512
0ce301a2cf17415eafa06d7425864f9b9bdae7659ed6e89516d6d8cd076695a521779e38eb96ad7ee8e68d15c052eb5a8adc3628ba27ca1e952f377e06fd676a
-
SSDEEP
12288:TZJYswfXG5EIs1XHx7W5OPV9f1jCdJozSGKkyJxnpFx:TZJWXVIs1XHOEhMjZGMLnL
Malware Config
Extracted
emotet
Epoch4
45.118.115.99:8080
189.126.111.200:7080
79.137.35.198:8080
103.43.46.182:443
102.222.215.74:443
103.70.28.102:8080
196.218.30.83:443
146.59.226.45:443
5.9.116.246:8080
164.68.99.3:8080
163.44.196.120:8080
167.99.115.35:8080
209.250.246.206:443
183.111.227.137:8080
46.55.222.11:443
45.235.8.30:8080
51.91.76.89:8080
107.182.225.142:8080
103.132.242.26:8080
45.176.232.124:443
201.94.166.162:443
1.234.21.73:7080
160.16.142.56:8080
206.189.28.199:8080
212.237.17.99:8080
51.254.140.238:7080
58.227.42.236:80
77.81.247.144:8080
185.8.212.130:7080
150.95.66.124:8080
149.56.131.28:8080
51.91.7.5:8080
27.54.89.58:8080
110.232.117.186:8080
131.100.24.231:80
216.158.226.206:443
172.105.70.96:443
129.232.188.93:443
173.212.193.249:8080
91.207.28.33:8080
151.106.112.196:8080
172.104.251.154:8080
209.126.98.206:8080
212.24.98.99:8080
185.157.82.211:8080
197.242.150.244:8080
134.122.66.193:8080
167.172.253.162:8080
82.165.152.127:8080
159.65.88.10:8080
209.97.163.214:443
72.15.201.15:8080
185.4.135.165:8080
119.193.124.41:7080
94.23.45.86:4143
153.126.146.25:7080
103.75.201.2:443
213.241.20.155:443
158.69.222.101:443
203.114.109.124:443
188.44.20.25:443
1.234.2.232:8080
101.50.0.91:8080
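The list above is the Emotet Epoch4 C2 configuration the sandbox extracted from this sample. The addresses are point-in-time indicators: Emotet rotates its C2 set between builds, so a list like this should be aged out rather than kept as a permanent blocklist. As an added example, not part of the sandbox report, the Python below parses a subset of those "ip:port" entries, rejects malformed ones, summarises the destination ports and matches the pairs against a few constructed proxy-log lines; the log layout and the internal host addresses are assumptions.

```python
import ipaddress
import re
from collections import Counter

# A subset of the Epoch4 "ip:port" entries from the Malware Config section above.
# The full list is longer; only a few are reproduced here to keep the example short.
C2_CONFIG_TEXT = """
45.118.115.99:8080
189.126.111.200:7080
103.43.46.182:443
58.227.42.236:80
94.23.45.86:4143
1.234.2.232:8080
"""

C2_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_c2_list(text):
    """Parse 'ip:port' lines into (ip, port) tuples, dropping malformed entries.

    The regex only checks shape; ipaddress rejects octets above 255 and the
    range check rejects impossible ports, so junk lines never reach a blocklist.
    """
    entries = []
    for raw in text.splitlines():
        m = C2_LINE.match(raw.strip())
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        try:
            ipaddress.IPv4Address(ip)
        except ipaddress.AddressValueError:
            continue
        if not 1 <= port <= 65535:
            continue
        entries.append((ip, port))
    return entries


def port_histogram(entries):
    """Count destination ports. 8080/7080/443 dominate this config, but 80 and 4143
    also appear, so a port-based filter alone would miss part of the list."""
    return Counter(port for _, port in entries)


# Constructed proxy/firewall log lines in an assumed "ts src dst:port action" layout.
# 203.0.113.5 is a documentation address standing in for ordinary benign traffic.
SAMPLE_LOG = """
2024-05-18T20:21:03Z 10.0.0.15 45.118.115.99:8080 ALLOW
2024-05-18T20:21:05Z 10.0.0.15 203.0.113.5:443 ALLOW
2024-05-18T20:21:09Z 10.0.0.23 58.227.42.236:443 ALLOW
2024-05-18T20:21:12Z 10.0.0.15 94.23.45.86:4143 ALLOW
"""


def match_connections(entries, log_text, strict=True):
    """Return (src, dst_ip, dst_port) for log lines that hit the C2 list.

    strict=True matches the exact ip:port pair (58.227.42.236 is only listed
    on :80, so its :443 connection is not reported); strict=False matches on IP
    alone, which is noisier but catches a C2 host that moved to another port.
    """
    pairs = set(entries)
    ips = {ip for ip, _ in entries}
    hits = []
    for raw in log_text.splitlines():
        parts = raw.split()
        if len(parts) < 4:
            continue
        src, dst = parts[1], parts[2]
        ip, _, port = dst.rpartition(":")
        if not port.isdigit():
            continue
        port = int(port)
        if (ip, port) in pairs or (not strict and ip in ips):
            hits.append((src, ip, port))
    return hits
```

Run `parse_c2_list` over the full list from the report to build the indicator set; the strict/loose switch in `match_connections` is the trade-off a detection engineer has to pick consciously, since several of the listed hosts are on 443 where unrelated traffic is common.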
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
PID 2928 regsvr32.exe
-
Suspicious behavior: RenamesItself 1 IoCs
Processes:
PID 2920 regsvr32.exe
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes:
PID 2920 regsvr32.exe wrote to memory of PID 2928 regsvr32.exe (reported 5 times)
Processes
-
1. C:\Windows\system32\regsvr32.exe (PID 2920)
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\448662cd10bb48f400e175b96cb5ac50_NeikiAnalytics.dll
   - Suspicious behavior: RenamesItself
   - Suspicious use of WriteProcessMemory
-
2. C:\Windows\system32\regsvr32.exe (PID 2928, child of 1)
   Command line: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\WOPRJRgMztxJW\NkFDxYOFf.dll"
   - Suspicious behavior: EnumeratesProcesses
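The process tree above is the loader pattern this sample follows: regsvr32 /s silently registers the submitted DLL from the user's Temp folder, then a second regsvr32 is spawned to load a DLL with a random-looking name from a subdirectory of system32. Both steps are regsvr32 proxy execution (ATT&CK T1218.010), and both are cheap to detect from process-creation telemetry. As an added example, not part of the sandbox report, the Python below runs two such rules over constructed process-creation events modelled on that tree; the event field names are a hypothetical schema, not Sysmon's or any EDR's, and the benign installer event is invented to show the rules not firing.

```python
import re

# Constructed process-creation events in the shape of the tree above.
# Field names are a hypothetical schema; the third event is an invented benign case.
EVENTS = [
    {"pid": 2920, "ppid": 1234, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r"regsvr32 /s C:\Users\Admin\AppData\Local\Temp\448662cd10bb48f400e175b96cb5ac50_NeikiAnalytics.dll"},
    {"pid": 2928, "ppid": 2920, "parent_image": r"C:\Windows\system32\regsvr32.exe",
     "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r'C:\Windows\system32\regsvr32.exe "C:\Windows\system32\WOPRJRgMztxJW\NkFDxYOFf.dll"'},
    {"pid": 3001, "ppid": 2990, "parent_image": r"C:\Program Files\Vendor\setup.exe",
     "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r'regsvr32 /s "C:\Program Files\Vendor\vendor.dll"'},
]

# First quoted or unquoted absolute path ending in .dll on the command line.
DLL_ARG = re.compile(r'"?([A-Za-z]:\\[^"]+?\.dll)"?', re.IGNORECASE)
# Locations a user (or a maldoc running as that user) can write to.
USER_WRITABLE = re.compile(r"\\AppData\\Local\\Temp\\|\\Users\\[^\\]+\\Downloads\\", re.IGNORECASE)
# system32\<dir>\<file>.dll: a DLL one directory below system32. Legitimate registrations
# from there are rare, and this sample's copy uses random-looking names for both parts.
SYS32_SUBDIR = re.compile(r"^[A-Za-z]:\\Windows\\system32\\[^\\]+\\[^\\]+\.dll$", re.IGNORECASE)

RULE_TEMP = "regsvr32 loading DLL from user-writable temp path"
RULE_SELF_SPAWN = "regsvr32 spawned by regsvr32 with DLL in system32 subdirectory"


def dll_path(cmdline):
    """Extract the DLL argument, or None if the command line has no absolute .dll path."""
    m = DLL_ARG.search(cmdline)
    return m.group(1) if m else None


def is_regsvr32(path):
    return path.lower().endswith("\\regsvr32.exe")


def detect(events):
    """Return (pid, rule) alerts for the two regsvr32 patterns seen in the tree above."""
    alerts = []
    for e in events:
        if not is_regsvr32(e["image"]):
            continue
        dll = dll_path(e["cmdline"])
        if dll is None:
            continue
        if USER_WRITABLE.search(dll):
            alerts.append((e["pid"], RULE_TEMP))
        # The parent check is what separates the persistence step from an ordinary
        # installer: a regsvr32 that was itself started by regsvr32.
        if is_regsvr32(e["parent_image"]) and SYS32_SUBDIR.match(dll):
            alerts.append((e["pid"], RULE_SELF_SPAWN))
    return alerts
```

The first rule catches how the sandbox launched the sample and will also fire on real deliveries that drop the DLL under Temp or Downloads; it needs an allowlist for installers that legitimately register from those paths. The second rule keys on the parent-child relationship plus the system32 subdirectory, which is the more specific of the two and the one worth escalating on.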
Network
MITRE ATT&CK Matrix
Downloads
-
memory/2920-0-0x00000000001D0000-0x00000000001D1000-memory.dmp
Filesize: 4KB
-
memory/2920-1-0x0000000180000000-0x0000000180030000-memory.dmp
Filesize: 192KB
-
memory/2920-4-0x0000000010000000-0x00000000100A1000-memory.dmp
Filesize: 644KB
-
memory/2928-8-0x0000000180000000-0x0000000180030000-memory.dmp
Filesize: 192KB
-
memory/2928-9-0x0000000010000000-0x00000000100A1000-memory.dmp
Filesize: 644KB
-
memory/2928-11-0x0000000010000000-0x00000000100A1000-memory.dmp
Filesize: 644KB
-
memory/2928-12-0x0000000010000000-0x00000000100A1000-memory.dmp
Filesize: 644KB
-
memory/2928-18-0x0000000010000000-0x00000000100A1000-memory.dmp
Filesize: 644KB
-
memory/2928-21-0x0000000010000000-0x00000000100A1000-memory.dmp
Filesize: 644KB