444946795364b68ae868962723f344e4d7d6a67706b2d449bad654354574f7a8

Analysis

max time kernel
149s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95dd704e5a204dfaa1b1d2a562190890_NeikiAnalytics.exe
Size

65KB
MD5

95dd704e5a204dfaa1b1d2a562190890
SHA1

8f1e14bacf4e86fd06db89537b9b97a812b5ea8a
SHA256

444946795364b68ae868962723f344e4d7d6a67706b2d449bad654354574f7a8
SHA512

387f98f89d1dc783558c774cd7ed659ce873415f15901ec92d99d2f713fee59b0c334850639f1a5bfe3cd18ca9e0da7b2c527897558c3fe9d090fa501cc74c82
SSDEEP

768:+eJIvFKPZo2rmEasjcj29NWngAHxcw9ppEaxglaX5uA6:+QIvEPZovEad29NQgA2wQle5i

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2224	ewiuer2.exe
2496	ewiuer2.exe
2072	ewiuer2.exe
1312	ewiuer2.exe
2300	ewiuer2.exe
788	ewiuer2.exe
1980	ewiuer2.exe

Loads dropped DLL 14 IoCs

pid	Process
1740	95dd704e5a204dfaa1b1d2a562190890_NeikiAnalytics.exe
1740	95dd704e5a204dfaa1b1d2a562190890_NeikiAnalytics.exe
2224	ewiuer2.exe
2224	ewiuer2.exe
2496	ewiuer2.exe
2496	ewiuer2.exe
2072	ewiuer2.exe
2072	ewiuer2.exe
1312	ewiuer2.exe
1312	ewiuer2.exe
2300	ewiuer2.exe
2300	ewiuer2.exe
788	ewiuer2.exe
788	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2224	1740	95dd704e5a204dfaa1b1d2a562190890_NeikiAnalytics.exe	28
PID 1740 wrote to memory of 2224	1740	95dd704e5a204dfaa1b1d2a562190890_NeikiAnalytics.exe	28
PID 1740 wrote to memory of 2224	1740	95dd704e5a204dfaa1b1d2a562190890_NeikiAnalytics.exe	28
PID 1740 wrote to memory of 2224	1740	95dd704e5a204dfaa1b1d2a562190890_NeikiAnalytics.exe	28
PID 2224 wrote to memory of 2496	2224	ewiuer2.exe	30
PID 2224 wrote to memory of 2496	2224	ewiuer2.exe	30
PID 2224 wrote to memory of 2496	2224	ewiuer2.exe	30
PID 2224 wrote to memory of 2496	2224	ewiuer2.exe	30
PID 2496 wrote to memory of 2072	2496	ewiuer2.exe	31
PID 2496 wrote to memory of 2072	2496	ewiuer2.exe	31
PID 2496 wrote to memory of 2072	2496	ewiuer2.exe	31
PID 2496 wrote to memory of 2072	2496	ewiuer2.exe	31
PID 2072 wrote to memory of 1312	2072	ewiuer2.exe	35
PID 2072 wrote to memory of 1312	2072	ewiuer2.exe	35
PID 2072 wrote to memory of 1312	2072	ewiuer2.exe	35
PID 2072 wrote to memory of 1312	2072	ewiuer2.exe	35
PID 1312 wrote to memory of 2300	1312	ewiuer2.exe	36
PID 1312 wrote to memory of 2300	1312	ewiuer2.exe	36
PID 1312 wrote to memory of 2300	1312	ewiuer2.exe	36
PID 1312 wrote to memory of 2300	1312	ewiuer2.exe	36
PID 2300 wrote to memory of 788	2300	ewiuer2.exe	38
PID 2300 wrote to memory of 788	2300	ewiuer2.exe	38
PID 2300 wrote to memory of 788	2300	ewiuer2.exe	38
PID 2300 wrote to memory of 788	2300	ewiuer2.exe	38
PID 788 wrote to memory of 1980	788	ewiuer2.exe	39
PID 788 wrote to memory of 1980	788	ewiuer2.exe	39
PID 788 wrote to memory of 1980	788	ewiuer2.exe	39
PID 788 wrote to memory of 1980	788	ewiuer2.exe	39

C:\Users\Admin\AppData\Local\Temp\95dd704e5a204dfaa1b1d2a562190890_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\95dd704e5a204dfaa1b1d2a562190890_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2224
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2072
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1312
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2300
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:788
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CARGHDE2.txt

Filesize
229B

MD5
53224ab521385acc7c6ff1c9dfe01175

SHA1
00afb3671b08b36b04c3294a0c76e835dda5ec34

SHA256
884d7bbaad52fe82b88717698ef0a8c7b9719e7d64eff33c7901e9582adbf6ee

SHA512
37d65bef973d5a55fdc4c4290621578e57ff1ebe69898352fb4d9b5bd6d0554fa9f5ebcdc4993869450e599d9b9034bd10707c96b166bde26cade908d92a9a3b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OZ7ICN7A.txt

Filesize
230B

MD5
920e6e3d464d6c05b3121eeec85a9300

SHA1
b6282b37524aceea7d118972ffab21ffbd158be1

SHA256
c0fb78dbe94b8c900b97adaac3acb1089e3661d1ed659f54d37bc2863d60d53c

SHA512
48a71a9df0d92848d15e50fd6d8cfe4795b76e88f7e232eefb5225848ee86815f13a78ef2659b301b094e968e8737a260352b7f67c9b0cd7510fdabbd7c5bc66

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
bdb4f9654e02caeb4c86e56463405787

SHA1
fad0094ec7218493206da09d33d31a7cc569d997

SHA256
ddf74a9b53839aa828e27e43f98d9622bca3605f0824655b009c9ffa12eba5a8

SHA512
6252106379809b6345fc35657107ee24c470ca2b7481a6fc3970c56fc99ce1ac81b734a3be7d54d0bcc828cb442f180c20d796b9bfc056e32fa158cdae653dd7

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
d2e28ba48bc6d5093c5bd259045634cd

SHA1
a28e4453b23fe11c11fd7cb55959e2d4a29a47c9

SHA256
b571295cb7f6dc74f98afac868bdf0a24e5e1db4288e9284acbe5c40d8443326

SHA512
b20aa545e260b14e2987679a685da60b675fb63f4a3e5bbeceeb74ebb799062e58e9b68ae84917d56f74c71e74458eb353082e0154cffbd114ec031b2a4287e3

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
76fada35f909c4f9f21aadd46e2155d5

SHA1
ec4ca33d353539048ee7ca51c892cf0e368d753f

SHA256
993a7e8c911a4602aa9ec0c7cf80f8cd5aa42e6b284fc08ecc53c6bcfd7afb74

SHA512
8fe597e413caaee70cfc110ab0ee7ca71f34e597c5b5ccfe5a00a152328e3d24b678d1b86fda4ed204ad37d7648a301b5df0a28f83726410173a26704de6726d

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
f503327de5dc8da7da174c36f9eed936

SHA1
0dfac47507381ae32721f13335f99a80ae28b5a7

SHA256
ba6e8a92c16ce9c75d657b5f07cf50fd4a112fe840e847d017ee4e3a250b4fb4

SHA512
473765ae5598aed98fb1dc3ff8bfa5b80e25723ab217866ff07e25664a9b72b7d7d3cbe4940b386d3fe2221da234a3c336d8a629d37c0b9ef70a9d75de424a1e

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
876124739677f9bdf5ca6803a40728cb

SHA1
32ea126412371c7f7436cb4b7b04b863ca3982c5

SHA256
56ff84fb36eff7da8b15ee1f602bcaf58bf06a89912443189d651e608e2ad4bb

SHA512
44e20d97042ec947f74649c890fba5d7a3d03cb7c335d84cd9ef1810c030fd981016ec993cec3989c3c0050e67af61e29fb583a06416044afea6d3731502d00f

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
35ce2b8bae6e16440ab3221237912d39

SHA1
70b7ad9d0a07276589d3f272f66294039143dc14

SHA256
27860623927f35409ee8d2cb2e61a13438f4fd3e1a1781910d0f35d9b68ffdbf

SHA512
f6250535da091ae057dd8643c9669ba57baa4eff5ea951eaa41bbb5d635e6e0c8503eb3b1dfc19fa76b900a16d1ffb810e144731d7ffca7d013730fe082ff43d

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
98e43432ee0d8fbc3be5244f383c03f2

SHA1
b480768ed5e32af6016c33e56dc21b0b7188ad10

SHA256
82166baaccae81daa45949552b3474935149251d0a5dbe30c2bd4409c9babefd

SHA512
680be78817f70b320a213da9209de8c285a7488d3be0e1d40653d8a9faf1606ae7486463532eca797e5ab4d7bc775f078392549d4a55593f929cc2f124e92bd2

Download Submit
memory/788-73-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/788-82-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1312-57-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1312-50-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1740-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1980-85-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2072-36-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2072-47-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2224-22-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2224-16-0x00000000023A0000-0x00000000023CA000-memory.dmp

Filesize
168KB

Download
memory/2224-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2224-9-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2300-61-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2300-59-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2300-71-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2496-33-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2496-28-0x0000000000220000-0x000000000024A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads