Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19-05-2024 23:06
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
  - Sample: 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe
  - Resource: win7-20240221-en
  - 2 signatures
  - 150 seconds
General
- Target: 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe
- Size: 456KB
- MD5: 5606b4f826ff22d16848eb8d73f54fe0
- SHA1: dc91227153e3e14a43b8183b18c7d9574495a8c7
- SHA256: 085e06aba394f7ab8911390519f30dcbbce71a7ea7d8ca2d48db491c8619750c
- SHA512: 73567f6f32f394b8241763daa923a30b94a775b532f1902fd4cd4c5fdd16131e5392851115d335d47c28dac31478d1db30151d4a24db36e6a10c5772aa55f8f3
- SSDEEP: 12288:lBgFKf1pZ9nL57QT44uYWwMXbHu0wGgFn:HgFk1pZ9VsT44uNwMXbHDwn
Malware Config
Extracted
- Family: lumma
- C2: https://corruptioncrackywosp.shop/api
Signatures
- Suspicious use of SetThreadContext (1 IoCs)
  Processes: 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe
  description | pid | Process | procid_target
  PID 3084 set thread context of 3780 | 3084 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 84
- Suspicious use of WriteProcessMemory (12 IoCs)
  Processes: 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe
  description | pid | Process | procid_target
  PID 3084 wrote to memory of 3712 | 3084 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 83
  PID 3084 wrote to memory of 3712 | 3084 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 83
  PID 3084 wrote to memory of 3712 | 3084 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 83
  PID 3084 wrote to memory of 3780 | 3084 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 84
  PID 3084 wrote to memory of 3780 | 3084 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 84
  PID 3084 wrote to memory of 3780 | 3084 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 84
  PID 3084 wrote to memory of 3780 | 3084 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 84
  PID 3084 wrote to memory of 3780 | 3084 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 84
  PID 3084 wrote to memory of 3780 | 3084 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 84
  PID 3084 wrote to memory of 3780 | 3084 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 84
  PID 3084 wrote to memory of 3780 | 3084 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 84
  PID 3084 wrote to memory of 3780 | 3084 | 5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe | 84
Processes
- "C:\Users\Admin\AppData\Local\Temp\5606b4f826ff22d16848eb8d73f54fe0_NeikiAnalytics.exe" (PID: 3084)
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" (PID: 3712)
  - "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" (PID: 3780)