Overview

overview

7

Static

static

3

d9fa537e9a...cs.exe

windows7-x64

7

d9fa537e9a...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20/05/2024, 08:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d9fa537e9ae17d58ef8aaef648864900_NeikiAnalytics.exe

  • Size

    333KB

  • MD5

    d9fa537e9ae17d58ef8aaef648864900

  • SHA1

    d37d6778249472e5f224076a1830bdc5f38dad11

  • SHA256

    981ae762f1e5137266cd717a2e513a2a39deb1c5b3c5023f485dd22e16bd4f65

  • SHA512

    d4ab54ccdf65b53964a201756d94ddb6bc3ebb6232a7a8765b5afdea8a82402dd0fd86b301691477290b891fb4dda94bf77e452fcc864a4f3f0f9c4e9ad8c077

  • SSDEEP

    6144:vsjAXgOhretc4YreqMQBULjW2Jybfd9yy6atBWONLRIaUOkKr:qAXgOhretcnreqfBajHyjd97trIahP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d9fa537e9ae17d58ef8aaef648864900_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\d9fa537e9ae17d58ef8aaef648864900_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Users\Admin\AppData\Local\Temp\d9fa537e9ae17d58ef8aaef648864900_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\d9fa537e9ae17d58ef8aaef648864900_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1520

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\d9fa537e9ae17d58ef8aaef648864900_NeikiAnalytics.exe
          Filesize

          333KB

          MD5

          8b301437f23a7fb2eb2ba72aaf5efd59

          SHA1

          b7436a8866b45e4a798312e23317c090d05cb3bf

          SHA256

          ac22903d5ed003d7ae8d9fe3cc1e42719c06a3543334ebec8a2613c0f0818193

          SHA512

          5f07ce7e0356b8c6a780c7cd4b4a680e226fb55111f27fbe52002ad78893d760157aae1a9fe99c5ee07276a6696d946478c926214a61e49091202fc716aafc87

          Download Submit

        • memory/1520-11-0x0000000000400000-0x0000000000438000-memory.dmp

          Filesize

          224KB

          Download

        • memory/1520-12-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/1520-17-0x00000000002B0000-0x00000000002E8000-memory.dmp

          Filesize

          224KB

          Download

        • memory/3048-0-0x0000000000400000-0x0000000000438000-memory.dmp

          Filesize

          224KB

          Download

        • memory/3048-9-0x0000000000400000-0x0000000000438000-memory.dmp

          Filesize

          224KB

          Download