4738a41b017840e66c46e526717fbfd5cff99c22a106b151ea47bd19e43a2be0

Analysis

max time kernel
120s
max time network
138s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe
Size

2.1MB
MD5

43dfe648bf6cc4effb1ebcbff7c03cb0
SHA1

a869d70a08652b1f4c13058c9a13676f3920803d
SHA256

4738a41b017840e66c46e526717fbfd5cff99c22a106b151ea47bd19e43a2be0
SHA512

c8ac85ce0ff631b68945efbadff4a5ec674f79ddf45d1cbf2eaa24e8298d7ec5141a230f2f1376826b12a1efc0eeac07da9df4244e0ac321b0780f55fd2fa225
SSDEEP

49152:kTaZAq6yZ5zprcdHP1X0x42w2dpbMG51czJGiR1fkGIqxu75l:/2uVrWHPK/DbMx3gGzE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

jp2lt.exe

pid process

2744 jp2lt.exe
Loads dropped DLL 1 IoCs

Processes:

43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe

pid process

2244 43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2744	jp2lt.exe

pid	process
2244	43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe

description	pid	process	target process
PID 2244 wrote to memory of 2744	2244	43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe	jp2lt.exe
PID 2244 wrote to memory of 2744	2244	43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe	jp2lt.exe
PID 2244 wrote to memory of 2744	2244	43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe	jp2lt.exe
PID 2244 wrote to memory of 2744	2244	43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe	jp2lt.exe
PID 2244 wrote to memory of 2744	2244	43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe	jp2lt.exe
PID 2244 wrote to memory of 2744	2244	43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe	jp2lt.exe

C:\Users\Admin\AppData\Local\Temp\43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2244

C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\jp2lt.exe
"C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\jp2lt.exe" -litename "43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics"
2⤵
- Executes dropped EXE
PID:2744

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\Default.spk
Filesize
110KB

MD5
bd74a4b30418260dd7caa695000eb8e4

SHA1
e7aa3f336ca0658f97ce94b9650b14d6eb2bac36

SHA256
871a247c75d50381109862a81b7501521ada711a85ad2400474a15bfafad6766

SHA512
05d261e3c8446f427646e29bf5581e03f16bab4ab34abbdaf7be7cd5554ab54e92fe260e867057dbfdfc018bcf328b9b1a966cda9ab324e27751af16d4251883

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\Puzzles\px3580374.pzl
Filesize
1.5MB

MD5
b22ef0178893b11953c0088ae909c1b1

SHA1
3385f12cd2d68d9478dfbefe56e0ea4f61b9a974

SHA256
ce1cc9e0ed3ce3d906c6f607122c845e943c3dd770487e7e83886d94efe46030

SHA512
45ce04555f00332e912b73e23391693f88c0ad18fe9330df38cd474f1f9cee546ffb7d5eba6bef3b2a6d5d64b82016132965350a0349bafdbcf207218d4faceb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\data.pck
Filesize
11KB

MD5
810261516945f6611547d7c67883a0ca

SHA1
6c607c52277a7063acd623d2ebf8f917c9420463

SHA256
5dc5a977b099f4645ebab6271442d13457bfc7a91564700dc982b292933b574f

SHA512
0d44ad0f0cc833bfb0880008de607765e25f908d883186e153f3537e9da3d5e1594b6d4524f765a40602af591d8e82901080f8775cffd3734d57dbec1349cb40

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\english.lng
Filesize
17KB

MD5
31b0db710db76b64a0aebd5293ab6385

SHA1
377ba394d5dd8acfb61409d2a55ce1eb968ebe36

SHA256
552b36b0c8e752cd08bc52c4322bc4f7f772950bf30908f0decc22f6f58f8d36

SHA512
64d81cc76ee0c3c2df2772174577494ba42e247a0f862010b5ab617fab1920dd87b3a47e77e7d9ed33976a3a7484cc84d69b67adb23ef5ce294c8d178e87ae26

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\index.ini
Filesize
85B

MD5
48ec1197c199fbe45908ba6658001cf7

SHA1
210e475e42b6842c8e71efcc5102a70e89e16a5e

SHA256
819bb1e7869baa9a85008fea50c83ad47a6befba0dd6cd376013839f5d16f543

SHA512
dbc1c2a4ca265ea97a0e0564646ac2ee8e1a640ae5bd25a86f3b151f6800d4b1e6de9b51828e1e0b169f7d94269aa495258862c5c4789b1147d105af74cd9e7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\lite.lng
Filesize
917B

MD5
d6a6b435d0fae8bea7cf58f9e6556918

SHA1
b0c37e4c0b389e321274a29f2ff0e6c49cc26495

SHA256
b5bf33f1e3d183ff260b925b4bfaa46871f1a0e03357ccdad8fff05b26066423

SHA512
e664794bcaccbf86f6c3d4424427a9062f6ab82d6f2dfe07a13aea3e315fa114213d445a084e8e543075f3e5a9d82c0a1f179a7c257b425fb51e7ba4016b3229

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\log.txt
Filesize
3KB

MD5
500639b74ef6f46ca8ff6e608be19cc1

SHA1
eed965a83345d84a2fe66af4ed5594f1566415b7

SHA256
3bef759a850bf068611f1c164abb511df961934d5dd9c4c73d83114b3b8bc82d

SHA512
3f7a8fcc994f98cea4d6e2546006748e96d1ff03b7671c49fe44dc23b7c2a1c7404238cc5017ce21b46efeb4e10d5048beb293cb76fa3cc5a0a6d82726289458

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\log.txt
Filesize
4KB

MD5
dcb5e0a6a56694ad7c67176a467c2426

SHA1
f2e6c2310bd507d82090bb6c2573da5a56f68eb9

SHA256
58d92344c68e0942bdd7a37f48799b973d32333055deb3ad29b046fc96c48b68

SHA512
72503ea3bfa58cb79cc914106cbbbe0cdab824b144c222c139f5b9d5c1c67800ecc03969f0e0b3711573787c724ba7d6cbeed17c8626c964d0e0f7054552da7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\log.txt
Filesize
388B

MD5
9315b609704915069272312170b6911c

SHA1
dde912c3350723b80d9a4c90680f6a1c4fc96f69

SHA256
04261d1c351c925cd4264bfb782344c9a42be3c570dc2ec884955405cb384633

SHA512
1ebed1b3e6dd38d86a960bccac9a21e0e8c08fd3a576a876f79758587d232a26c3ecb2f543e4ff2aebf032a4cb2f716f0220619f304bae1488319f2ef5b35832

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\log.txt
Filesize
1KB

MD5
e8a759c25f42d8f9c5842610d952bde4

SHA1
a7b67dc7a91ea7cdca258496389faaac8297ae7d

SHA256
b2d5df72c95bea72671772371dbc5ba721c461871a293e35ab871c0b7f3ff3ff

SHA512
4e1577dcfc73866557753ee582b2250af3b3dd2cb792d59a02e76d25f2d6dc8c03d46fffb7886a94ab4cdd5c29e621594446d322011acdec3dbd82627570b526

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\log.txt
Filesize
2KB

MD5
309a529d809fb6c5532957da282d207a

SHA1
cf34768fcd019efc331ba6f70e06125de9b31dd5

SHA256
7f03a2d8eec9368708aea4187bd6632ee84432d23747e1680788502dc6b93a8d

SHA512
186798bd260345404ecdac9e2426708805cfb3332e0c6e99049a8315238abecf4fd913e1f5b26970cf74854e7861cbdee6fe8c75d1a946f6f173d619383508bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\log.txt
Filesize
3KB

MD5
2cd4161cce126cef4f969fab7f428186

SHA1
005f90ba04bf1d544641d8139751371536f0cc5b

SHA256
bd884576374409f0dd24820901127c78ef5deade3b50831cbd41ad303193870f

SHA512
3adc0c5b237e3fcf7d07bfdd55b1d80ca32f27b60f1c3bd1784e62855a63e11f398f648e0327e65c9567f878c2e95aa077bdef94a7fc3427f9d547989c1c7076

Download Submit
C:\Users\Admin\AppData\Local\Temp\ts9177.tmp
Filesize
128B

MD5
2a0b1e61b6a025358da9b24fe8948f1d

SHA1
f9ccbf12b44160c5a0a02a8195398d31c3391151

SHA256
9c057c42e70f4c19450cceaecffa1ff1246fdff5de02f28aa90c145cdaaa1284

SHA512
48779a4b97c636c88a1ff167c106de403c947948f225d1a4a52b85439a701e33c5672a20d2ce52cff10a9233278b5b708558cc34a28d87144d3cda0869307123

Download Submit
\Users\Admin\AppData\Local\Temp\tll8FC1.tmp\Jp2lt.exe
Filesize
789KB

MD5
15701d07ec8cd1de2346eaa5369233fd

SHA1
56beebcb3b8dedfe20eca5eccb1a4e9eabd26299

SHA256
9796aeeced9ba10402137ac2081073fe6c6ba7d2fffdf1db18a265cff48b8970

SHA512
238a69e5f9161bf9097626379ca45683f523300e03b038e2a76d3ed9eee63903b4fc0839f318844ac1c5ebeeceaead74f021fd36e663eac33b94eb8cf7a27b24

Download Submit