Analysis
max time kernel: 149s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-05-2024 04:58
Static task: static1
Behavioral task: behavioral1
Sample: 7a7025c39d48a61befa6a6ed58512f90_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 7a7025c39d48a61befa6a6ed58512f90_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: 7a7025c39d48a61befa6a6ed58512f90_NeikiAnalytics.exe
Size: 1.5MB
MD5: 7a7025c39d48a61befa6a6ed58512f90
SHA1: 1b552325a16db541a81d1c3d24c8fe61c5bf2d53
SHA256: b042cf20e7acc3f43bf670316fd258c9388e5e475a02dc9b9cd96b27e79e9ec3
SHA512: d052f757f859ae1384da3874e1e1c5e9380d52899b18c72d65583b76f44be070667b5cde914ed4df8ec684a638bebd12c5212314fd0f22708cd6168139cd5ea3
SSDEEP: 24576:PnyHHz63zfqEy9Y7pi6iCf/IAJwLbueuSwHYgFMBELba1:P8u3zfw9YYxCf9CbueurYgFMKba1
Malware Config
Extracted
cobaltstrike
100000
http://8.130.52.13:8899/jquery-3.3.1.min.js
access_type: 512
host: 8.130.52.13,/jquery-3.3.1.min.js
http_header1:
http_header2:
http_method1: GET
http_method2: POST
jitter: 16896
polling_time: 3000
port_number: 8899
sc_process32: %windir%\syswow64\WerFault.exe
sc_process64: %windir%\sysnative\WerFault.exe
state_machine: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsq1neYcqlkmWzzct+s8KTz+d9AD2a3lqV2EYY2oF9fBIhF5veFLNaI3okxHyTt+MP6kVyLnNugZ0M5ZHX1r7dHzejH0IWxlRPDs/FfsGGOGW92bZKZsl2fXnO6RDAGoXfsIfomlDaegoyDC3BLtkvUFht/T2B7pom/vWgNvAcvwIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1: 4.18408576e+09
unknown2: AAAABAAAAAEAAAY/AAAAAgAABj8AAAACAAADIwAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri: /rewardsapp/ncheader
user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
watermark: 100000
Signatures
Cobaltstrike: Detected malicious payload which is part of Cobaltstrike.