d919ac06dcf0b1e469ed400fa96bd0228584a8e9e4b4b064051d4679fa1951d2

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 04:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae2c9255690c7880d08b48c86dbeefe0_NeikiAnalytics.exe
Size

24KB
MD5

ae2c9255690c7880d08b48c86dbeefe0
SHA1

35002bb53f0856b29b6af5e937d3a23248236a1a
SHA256

d919ac06dcf0b1e469ed400fa96bd0228584a8e9e4b4b064051d4679fa1951d2
SHA512

a2771ec4fd442fba8a4d9407d47ebce8ef004f87b3e0e0fa401b909c54a795696c0ffdc42475b8bb5bc4ba61a2ed5e08228da800e5e90e96c6d02c39a0a92390
SSDEEP

384:XKaUKfzBk6z/aljy5UmUBY5YQiGW7NpgHZDcif3ldznRTRvgMDU+MY+5omm8p:aaUANkQsjcVn5XW77ZI3ldT711sos

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2904	mpjnr.exe

Loads dropped DLL 2 IoCs

pid	Process
2648	ae2c9255690c7880d08b48c86dbeefe0_NeikiAnalytics.exe
2648	ae2c9255690c7880d08b48c86dbeefe0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2904	2648	ae2c9255690c7880d08b48c86dbeefe0_NeikiAnalytics.exe	28
PID 2648 wrote to memory of 2904	2648	ae2c9255690c7880d08b48c86dbeefe0_NeikiAnalytics.exe	28
PID 2648 wrote to memory of 2904	2648	ae2c9255690c7880d08b48c86dbeefe0_NeikiAnalytics.exe	28
PID 2648 wrote to memory of 2904	2648	ae2c9255690c7880d08b48c86dbeefe0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\ae2c9255690c7880d08b48c86dbeefe0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\ae2c9255690c7880d08b48c86dbeefe0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Users\Admin\AppData\Local\Temp\mpjnr.exe
  "C:\Users\Admin\AppData\Local\Temp\mpjnr.exe"
  2⤵
  - Executes dropped EXE
  PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\mpjnr.exe

Filesize
25KB

MD5
f1c3905f54e6f29ba849e842db362fee

SHA1
db3da14587ff3923313a5ec96d56c1aa8427dd81

SHA256
18e12204b4aa59032c67f7c70560f9fc876aa347ba304bcd4b9db45c9a1c4818

SHA512
0646cda07eccac8913c94f106b113f4929835821c563b22820856f35e829cc390a390f45cb0e7e7ba4122c8b2cee668eaed4d70d153aaae1942b64ae80a75055

Download Submit