Overview

overview

7

Static

static

3

5942abe6e2...cs.exe

windows7-x64

7

5942abe6e2...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 23:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5942abe6e2b4af65c3c0cbc90d9be600_NeikiAnalytics.exe

  • Size

    1.5MB

  • MD5

    5942abe6e2b4af65c3c0cbc90d9be600

  • SHA1

    e2f7165f78bc48fe5f73cd64dee8cf3ff09d8dce

  • SHA256

    5d30bc82954f11f3349c6e211dc8f8a410736a3d96d6b7a944cd52d99fb0aa90

  • SHA512

    2ead42421f7c08d8b421d497b8f5d35f5244fad0f02896783383e6dd2746ef2263ed8ec9afe6544de942423c1ce635b99d65dbbff6f0d9789b0e5e86b76f78c6

  • SSDEEP

    12288:wAiP72eSMIO74u8k7UtnzPgGeB0dPoIlaNyF/ofCVGGfX134R9kMKy:wAi72et/HU9zPjeidP1Yi/dGyA

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5942abe6e2b4af65c3c0cbc90d9be600_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5942abe6e2b4af65c3c0cbc90d9be600_NeikiAnalytics.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 352
      2⤵
      • Program crash
      PID:3020
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:2176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\System32\alg.exe
    Filesize

    1.5MB

    MD5

    4f2ee1a8243ad638129d78fd48c85def

    SHA1

    1d2463f0873769750f67bfc95895f81e67fbf2bf

    SHA256

    40d6e10588936af42859915f971f568a4b56481deec432cc6ec3f3bf00ea0ea9

    SHA512

    204a228b13ecd4851d3f790ee0fecab5e9e2bc5810a6c5d1761e21254cbb1e2c8afbb8e0755813b48948355d8f56c0b11e3a13c9f22c91a029be4e9dabd92b2d

    Download Submit
  • memory/2176-13-0x0000000000450000-0x00000000004B0000-memory.dmp
    Filesize

    384KB

    Download
  • memory/2176-22-0x0000000000450000-0x00000000004B0000-memory.dmp
    Filesize

    384KB

    Download
  • memory/2176-21-0x0000000100000000-0x000000010017D000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/2176-25-0x0000000100000000-0x000000010017D000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/2988-7-0x0000000030000000-0x000000003018C000-memory.dmp
    Filesize

    1.5MB

    Download
  • memory/2988-0-0x0000000000520000-0x0000000000587000-memory.dmp
    Filesize

    412KB

    Download
  • memory/2988-8-0x0000000000520000-0x0000000000587000-memory.dmp
    Filesize

    412KB

    Download
  • memory/2988-24-0x0000000030000000-0x000000003018C000-memory.dmp
    Filesize

    1.5MB

    Download