Overview

overview

8

Static

static

3

e4ccb9abd0...cs.exe

windows7-x64

8

e4ccb9abd0...cs.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 10:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e4ccb9abd0dc4e678f4c169c8e144bf0_NeikiAnalytics.exe

  • Size

    276KB

  • MD5

    e4ccb9abd0dc4e678f4c169c8e144bf0

  • SHA1

    c59882c2289fed178beb0bb0c6b26dd3eff0a2b5

  • SHA256

    53a6322a613cc704674258ac49d809d57cb82b06800b5129876aec619bc40349

  • SHA512

    616f9c8cc90cdf0cece35c4864583611848542e0c04e2ec247016da4e3f241e76118c647cd4477c8ffa37be56237bfdac6226bf856598812008e670ffc911e4b

  • SSDEEP

    6144:yFpiTSfDhpOQAYg718kVFRCHplF6UoLGqpXw:FTSfDh7AL18UwJbhWXw

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e4ccb9abd0dc4e678f4c169c8e144bf0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\e4ccb9abd0dc4e678f4c169c8e144bf0_NeikiAnalytics.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of UnmapMainImage
    PID:824
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {D0FA81A3-AE16-4473-8C02-63346C3F73B7} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\PROGRA~3\Mozilla\anhxrcb.exe
      C:\PROGRA~3\Mozilla\anhxrcb.exe -wxojhrj
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      PID:2208

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\Mozilla\anhxrcb.exe
    Filesize

    276KB

    MD5

    4c5740ae6080daf302e806d7cced4917

    SHA1

    0b334fcf18402340cf0f67bcf8a8bb01254ba9b6

    SHA256

    4522a116fa27212531dd582240f74b05203331eae2a60173a3f6eb759cf532b7

    SHA512

    d52be1c826e9d7359061339a8a2181fdbf194c16544fad60985a383a07c8d6cfd6022a867b83aaba7afb47c73bc112a226199d2f10832358f62dc539c84e301d

    Download Submit

  • memory/824-0-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/824-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/824-1-0x0000000000310000-0x000000000036C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/824-5-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2208-8-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/2208-9-0x0000000000260000-0x00000000002BC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2208-10-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download

  • memory/2208-12-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

    Download