Overview

overview

7

Static

static

3

4a76478586...cs.exe

windows7-x64

6

4a76478586...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    129s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 22:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4a7647858648aaf45b2163e3ceb4b170_NeikiAnalytics.exe

  • Size

    154KB

  • MD5

    4a7647858648aaf45b2163e3ceb4b170

  • SHA1

    271f125eea1a744bf7bb820f8a8a4e4175c264ce

  • SHA256

    17c5334d7cb118bb198bf13b120c7f5ed58848a4f38f46b8f4656fdf8aa0761c

  • SHA512

    5c5f431d46ca14e3f3b18515616c14524be51efafbfe9392861fe0997e8d2e55eaceb1208d023dcaed98e7512a21c3811fa657110dab542daaefb7bb55503d4f

  • SSDEEP

    1536:C7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfOxmW:gq6+ouCpk2mpcWJ0r+QNTBfOcW

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a7647858648aaf45b2163e3ceb4b170_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4a7647858648aaf45b2163e3ceb4b170_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4100
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3C1E.tmp\3C1F.tmp\3C20.bat C:\Users\Admin\AppData\Local\Temp\4a7647858648aaf45b2163e3ceb4b170_NeikiAnalytics.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1104
      • C:\Windows\system32\format.com
        format D
        3⤵
        • Enumerates connected drives
        PID:3736
      • C:\Windows\system32\notepad.exe
        notepad
        3⤵
          PID:1336

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\3C1E.tmp\3C1F.tmp\3C20.bat
      Filesize

      141B

      MD5

      94a8c78e2af7ff36d7e0bf31ee7b4b1f

      SHA1

      9cf5959a6c1c85f7aa32cf8d24056b9b7cba0bf2

      SHA256

      6b35541e58eb91b04c76e0f11d29e1b7c9d50ddf0473e1e48607e8f7776bbcf1

      SHA512

      014509e76bbc7ceb0f56b3e5c17b45bc499a2e8655e9ef1b42237c56481d30f73cdd5cbe661f0ef279e277f35eca3ec6803ee6a42a00044cde97e3c678129f7a

      Download Submit