Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 20:20

General

  • Target

    69e4c2665cf9fb4eb8a0271485794a80_NeikiAnalytics.exe

  • Size

    33KB

  • MD5

    69e4c2665cf9fb4eb8a0271485794a80

  • SHA1

    9f8e179820d2c7aa09f8a1701fe1057358a1ec62

  • SHA256

    f3d702c72269c849a6c60c5e18ce09699caebe989fe1fc60dc76d75ff015d5a6

  • SHA512

    2dfa75715a0f332ecdc4ef5940ebb31ae73fcb71bd56a4a19ec6c52cea704e8b30b989abd320389f37ea9528393d770ff3d7afb46d4199df2b0dd3b3bbc6b174

  • SSDEEP

    768:/qPJtHA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKYfdhNhu:/qnA6C1VqaqhtgVRNToV7TtRu8rM0wYO

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69e4c2665cf9fb4eb8a0271485794a80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\69e4c2665cf9fb4eb8a0271485794a80_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4972
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe

    Filesize

    33KB

    MD5

    349024899e6f59c6aee3d892dfcc73b3

    SHA1

    bdce40248de70688ea0c9cacbf97b0b4759b34e4

    SHA256

    2a482576b4776b05eaf1431682e0b2ed96ef5a2ea36bf459b966143de9b8379d

    SHA512

    0533c7d8e51396f1c0e7ff080c83a8cfe4333fe88d31769d31adfb0b5dd16fe35d102634758465f253e7f60a654d4587a037b869e1ab4f561fa0bc6ccabc22a6

  • memory/4972-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

  • memory/4972-4-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB