Overview

overview

7

Static

static

3

565d4e688a...cs.exe

windows7-x64

7

565d4e688a...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 23:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    565d4e688af91012baabebe331302ea0_NeikiAnalytics.exe

  • Size

    26KB

  • MD5

    565d4e688af91012baabebe331302ea0

  • SHA1

    87699fe4dfa06ce3232aaa6e5aa3611f405c35e2

  • SHA256

    932f01727da690805dbb898b4ecf794aba15fde9600d3266f8d49bd060b73abd

  • SHA512

    d5d6e443e89bb4acdbc9e72ae15b140374be0a896bf36c7fc091d344d8fd541f2c19829ce3d8dac9bdd1d5361a3de0e71a47c04fd79ce6c4295e4ca4ed8efbb8

  • SSDEEP

    384:ctz3+pmuMgm4PHgTfhl1IBxRlHzZN2zVqObfVb2:6zQMQWlqBxRlHzZN2zAaVb2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\565d4e688af91012baabebe331302ea0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\565d4e688af91012baabebe331302ea0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Users\Admin\AppData\Local\Temp\laccm.exe
      "C:\Users\Admin\AppData\Local\Temp\laccm.exe"
      2⤵
      • Executes dropped EXE
      PID:1928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\laccm.exe
    Filesize

    26KB

    MD5

    44ab786874992635f887b94c7251ee11

    SHA1

    a5892be0b1d424080c34ccbafd9e23c737a8acad

    SHA256

    cff496e72e2a289f52631bd222f9212d8575aac117e35435fd72b26a91b3993e

    SHA512

    76d9b972f5b2290f33d76f60dff92c4d8c241bb90414122203c7ce45c0f655bd2b9d08e9f971f6f3016aa467cb4752d49714dbd26ed5374da828caef150e416b

    Download Submit

  • memory/1928-13-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1928-15-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2204-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2204-2-0x0000000000401000-0x0000000000403000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2204-10-0x00000000004D0000-0x00000000004D8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2204-12-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download