Overview

overview

7

Static

static

3

41094def0f...cs.exe

windows7-x64

7

41094def0f...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 21:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41094def0fc4232a1a944e0d96cd3bb0_NeikiAnalytics.exe

  • Size

    202KB

  • MD5

    41094def0fc4232a1a944e0d96cd3bb0

  • SHA1

    7b875ab7bdd2ef167adec5a223c8a92427507b07

  • SHA256

    27228fb292fd3d144e373584bc25aeae69507a4c3e5ac2013481dd93d01b8137

  • SHA512

    7da13a9724937a201f4bd7f02f6a0dea25bf3a93f1c8524716354d649b968b3c83cb0bf0fac086355ce2a20b561479f3203a63b73ef0aaa3e3d383e9e98c6037

  • SSDEEP

    6144:09kwBxO6SXQ/Yr9nWOsVNc2DQ99bu3Ti8FpoVrP:0DSgQxWOl2DeajpoVrP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41094def0fc4232a1a944e0d96cd3bb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\41094def0fc4232a1a944e0d96cd3bb0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Users\Admin\AppData\Local\Temp\41094def0fc4232a1a944e0d96cd3bb0_NeikiAnalytics.exe
      C:\Users\Admin\AppData\Local\Temp\41094def0fc4232a1a944e0d96cd3bb0_NeikiAnalytics.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\41094def0fc4232a1a944e0d96cd3bb0_NeikiAnalytics.exe
    Filesize

    202KB

    MD5

    1ac55b0b65fa61fcc2e1674d6070cc23

    SHA1

    e0ae5588844f9eb919249267cfdf4514aad17b5b

    SHA256

    f5db4faccabcb3b8e09d110c3e238011d81d011a6fc68983cec6d231720309e0

    SHA512

    0d7b5269c0af746f93516a67ad94a7fba8dc2aea5c05d281bef30d3b7fd39e18b2944b7c6c0b729b2f75cfa0347370e24f9e7a1b548e47c0a08aeede6f3ec0bb

    Download Submit

  • memory/2776-0-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2776-10-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2776-8-0x0000000000170000-0x00000000001AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2980-11-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2980-12-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2980-17-0x0000000000170000-0x00000000001AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2980-18-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download