Analysis
- max time kernel: 138s
- max time network: 107s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 21:46
Static task: static1
Behavioral task: behavioral1
- Sample: 43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
General
- Target: 43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe
- Size: 2.1MB
- MD5: 43dfe648bf6cc4effb1ebcbff7c03cb0
- SHA1: a869d70a08652b1f4c13058c9a13676f3920803d
- SHA256: 4738a41b017840e66c46e526717fbfd5cff99c22a106b151ea47bd19e43a2be0
- SHA512: c8ac85ce0ff631b68945efbadff4a5ec674f79ddf45d1cbf2eaa24e8298d7ec5141a230f2f1376826b12a1efc0eeac07da9df4244e0ac321b0780f55fd2fa225
- SSDEEP: 49152:kTaZAq6yZ5zprcdHP1X0x42w2dpbMG51czJGiR1fkGIqxu75l:/2uVrWHPK/DbMx3gGzE
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  Processes: jp2lt.exe
  pid | process
  3320 | jp2lt.exe
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes: 43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe
  description | pid | process | target process
  PID 764 wrote to memory of 3320 | 764 | 43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe | jp2lt.exe
  PID 764 wrote to memory of 3320 | 764 | 43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe | jp2lt.exe
  PID 764 wrote to memory of 3320 | 764 | 43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe | jp2lt.exe
  PID 764 wrote to memory of 3320 | 764 | 43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe | jp2lt.exe
  PID 764 wrote to memory of 3320 | 764 | 43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe | jp2lt.exe
Processes
- "C:\Users\Admin\AppData\Local\Temp\43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics.exe"
  - Suspicious use of WriteProcessMemory
  - PID: 764
  - "C:\Users\Admin\AppData\Local\Temp\tll319F.tmp\jp2lt.exe" -litename "43dfe648bf6cc4effb1ebcbff7c03cb0_NeikiAnalytics"
    - Executes dropped EXE
    - PID: 3320
Network
MITRE ATT&CK Matrix
Downloads