5395332dd67677a7030bcd79234522d62ac889ae7a0493bfab671fa5f8bae58e

Analysis

max time kernel
145s
max time network
144s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe
Size

65KB
MD5

69c318a109e77e1d55dc0c53236effc0
SHA1

cfce4537cbb3cfbb7fbdffac51f61bd0ec1cbef5
SHA256

5395332dd67677a7030bcd79234522d62ac889ae7a0493bfab671fa5f8bae58e
SHA512

496b55853e810e262eab80ff276ebce90c6b5108d45b40e31a70a525ca41123f4d888c794f637c919a05c8738014350ccc0e6ed53624795c101140c53b91b33a
SSDEEP

768:eeJIvFKPZo2rmEasjcj29NWngAHxcw9ppEaxglaX5uA6:eQIvEPZovEad29NQgA2wQle5i

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

Processes:

ewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exe

pid process

2988 ewiuer2.exe
2448 ewiuer2.exe
2940 ewiuer2.exe
1204 ewiuer2.exe
2328 ewiuer2.exe
1132 ewiuer2.exe
1876 ewiuer2.exe

pid	process
2988	ewiuer2.exe
2448	ewiuer2.exe
2940	ewiuer2.exe
1204	ewiuer2.exe
2328	ewiuer2.exe
1132	ewiuer2.exe
1876	ewiuer2.exe

Loads dropped DLL 14 IoCs

Processes:

69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exeewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exe

pid	process
2924	69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe
2924	69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe
2988	ewiuer2.exe
2988	ewiuer2.exe
2448	ewiuer2.exe
2448	ewiuer2.exe
2940	ewiuer2.exe
2940	ewiuer2.exe
1204	ewiuer2.exe
1204	ewiuer2.exe
2328	ewiuer2.exe
2328	ewiuer2.exe
1132	ewiuer2.exe
1132	ewiuer2.exe

Drops file in System32 directory 3 IoCs

Processes:

ewiuer2.exeewiuer2.exeewiuer2.exe

description	ioc	process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 28 IoCs

Processes:

69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exeewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exeewiuer2.exe

description	pid	process	target process
PID 2924 wrote to memory of 2988	2924	69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe	ewiuer2.exe
PID 2924 wrote to memory of 2988	2924	69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe	ewiuer2.exe
PID 2924 wrote to memory of 2988	2924	69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe	ewiuer2.exe
PID 2924 wrote to memory of 2988	2924	69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe	ewiuer2.exe
PID 2988 wrote to memory of 2448	2988	ewiuer2.exe	ewiuer2.exe
PID 2988 wrote to memory of 2448	2988	ewiuer2.exe	ewiuer2.exe
PID 2988 wrote to memory of 2448	2988	ewiuer2.exe	ewiuer2.exe
PID 2988 wrote to memory of 2448	2988	ewiuer2.exe	ewiuer2.exe
PID 2448 wrote to memory of 2940	2448	ewiuer2.exe	ewiuer2.exe
PID 2448 wrote to memory of 2940	2448	ewiuer2.exe	ewiuer2.exe
PID 2448 wrote to memory of 2940	2448	ewiuer2.exe	ewiuer2.exe
PID 2448 wrote to memory of 2940	2448	ewiuer2.exe	ewiuer2.exe
PID 2940 wrote to memory of 1204	2940	ewiuer2.exe	ewiuer2.exe
PID 2940 wrote to memory of 1204	2940	ewiuer2.exe	ewiuer2.exe
PID 2940 wrote to memory of 1204	2940	ewiuer2.exe	ewiuer2.exe
PID 2940 wrote to memory of 1204	2940	ewiuer2.exe	ewiuer2.exe
PID 1204 wrote to memory of 2328	1204	ewiuer2.exe	ewiuer2.exe
PID 1204 wrote to memory of 2328	1204	ewiuer2.exe	ewiuer2.exe
PID 1204 wrote to memory of 2328	1204	ewiuer2.exe	ewiuer2.exe
PID 1204 wrote to memory of 2328	1204	ewiuer2.exe	ewiuer2.exe
PID 2328 wrote to memory of 1132	2328	ewiuer2.exe	ewiuer2.exe
PID 2328 wrote to memory of 1132	2328	ewiuer2.exe	ewiuer2.exe
PID 2328 wrote to memory of 1132	2328	ewiuer2.exe	ewiuer2.exe
PID 2328 wrote to memory of 1132	2328	ewiuer2.exe	ewiuer2.exe
PID 1132 wrote to memory of 1876	1132	ewiuer2.exe	ewiuer2.exe
PID 1132 wrote to memory of 1876	1132	ewiuer2.exe	ewiuer2.exe
PID 1132 wrote to memory of 1876	1132	ewiuer2.exe	ewiuer2.exe
PID 1132 wrote to memory of 1876	1132	ewiuer2.exe	ewiuer2.exe

C:\Users\Admin\AppData\Local\Temp\69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2924

C:\Users\Admin\AppData\Roaming\ewiuer2.exe
C:\Users\Admin\AppData\Roaming\ewiuer2.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2988

C:\Windows\SysWOW64\ewiuer2.exe
C:\Windows\System32\ewiuer2.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2448

C:\Users\Admin\AppData\Roaming\ewiuer2.exe
C:\Users\Admin\AppData\Roaming\ewiuer2.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2940

C:\Windows\SysWOW64\ewiuer2.exe
C:\Windows\System32\ewiuer2.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1204

C:\Users\Admin\AppData\Roaming\ewiuer2.exe
C:\Users\Admin\AppData\Roaming\ewiuer2.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2328

C:\Windows\SysWOW64\ewiuer2.exe
C:\Windows\System32\ewiuer2.exe
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1132

C:\Users\Admin\AppData\Roaming\ewiuer2.exe
C:\Users\Admin\AppData\Roaming\ewiuer2.exe
8⤵
- Executes dropped EXE
PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9I3S5V8J.txt
Filesize
229B

MD5
b85dcbffd4940e505fff6f46e5015e63

SHA1
d3f60c467251fb615a2f74411189f777c096e077

SHA256
19ffc1523cbb388b8feb10bf421021c93f638f809ad9d36930ea9f7346095d10

SHA512
fd102149a2eb6692b0d73778df4331e561d0512558f9d4806bfaa6cd4b7bc4bc1c2dc7d4d4728a2f006891908d1b2ef23aaddf3c8b9c913f62d69201d0ddfd42

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\I20J7718.txt
Filesize
230B

MD5
27a2eaf62e132351dd90d8713b02720b

SHA1
836d3d1c92c777182232f4da36bd3ca5e1bb0858

SHA256
688a542e0a12abe1e699f97962846ffb31b2d0578dc49bc4be36acf50fbdccf8

SHA512
5a45c9aa8616dcdae2d1b0076b952b151adc0e3548566ef2e63746dacf1447fc48fc34ebec1480561fae96adf2aee43b8d01e6f726acad72572f2ce65eec3ada

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe
Filesize
65KB

MD5
ded11d79b332679d9216c696eea0c85c

SHA1
a8f42e91e94c01a6e8b5d8dff77ba1677dc460dd

SHA256
4a797e14b860d70ec42a932d8d0ecb3267076c02201fe4aed678386c2673b42e

SHA512
dd2ba1a507fb7ff3214720487ae1be3ecde0b5ec0ca1657cc053644befd5a2c02213b34fc7fb2e90d6b6293e34a68034113dc0fa985a1a80ef67ddd7eb4c0a9e

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe
Filesize
65KB

MD5
e7b6d6a24cb6a032f787a06ab62b295d

SHA1
688ad4349f63eec19f11b535d1837961ebf1097f

SHA256
cffff883c5951b251ad0c257c1a22ebb2d3900b37776c7623e31d88852ff61ed

SHA512
cd002e47cce861e511e713edfd6d00716006a1eafb269fb29bfc98c58b776b73d1c13795f73863953f4f004913ae0e79a93d6d949aab819cef30343ad7929207

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe
Filesize
65KB

MD5
bd5ae0b4608ea86223d1d31c05368a8d

SHA1
08048f912c51a94cf2abb2826f1ad319aab15715

SHA256
577aed2c14575e1557d3c4d29d56fc9967cfb24111ebdb7f177d94664788475a

SHA512
2067ece209ff83b1f5c829fb712ec9907ed9e57c5d1a9f97f1a6018756cc296e1faf2dc9af336569f1b5fe0a8b35677a3d30e4b6bcd702218536d2612f24464c

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe
Filesize
65KB

MD5
f65234642ebe49888eb0b5d0ee7a77d6

SHA1
5dbfe4fd24d4643574c131954012c6708bbf60a0

SHA256
8e8949a07ba7bf00c3339d6fc728ae1815adb93718af494a27eda110da4a66f2

SHA512
cfa70f13fabfe91e6f43520a565a44369dcdde2a0980e20aca7e745757d0e515130b1c45dca9f74e9dd3cc385211231ebb845d5d094da3488c85e0309e612ed2

Download Submit
\Windows\SysWOW64\ewiuer2.exe
Filesize
65KB

MD5
6d018618f026363b93ff2903de617395

SHA1
685bec650bb57daa7b6a48894b1e15a9ff9efecc

SHA256
c00718b1febf2cf79aa8972c4d1b0285daee6d2a9fe7344e87e683169f565a2e

SHA512
e1e8e5b81d880a8f2096f0330d14ed665790d278655c6ba367ff33190ce1d3d41a29efcfc1a150733ab58fcd4ea4bdc94d90f2121b8355b6a6f4c477b8e38843

Download Submit
\Windows\SysWOW64\ewiuer2.exe
Filesize
65KB

MD5
14af68d40d7bcebf4e2ec6de4ae6f30e

SHA1
e15db753411db22634670984220d05a316e63a14

SHA256
6035f19133529da6d1255b642bce80ed74b77123f995c41cb3052baa40fa71e5

SHA512
d1907d5229b8dd645fea22a48d12408f64703a6b8c41995f513f15a8525ccbd30934717e72d4359c7d9647c693f12cf1d811dc44940f1aabdc2b584436e87876

Download Submit
\Windows\SysWOW64\ewiuer2.exe
Filesize
65KB

MD5
f5659a0ece87db409ce5f10782f9780c

SHA1
46c219fc8fdb2b3d963928281f47e83a10feb205

SHA256
1bd1c1f4597dba1990089750f092cdfc131d0f87dd135f63dc99085afd156dc8

SHA512
fa917332e2a3c9cf1a0bef179465c0ab20bf2b0144ad4e1e0c77bb475ff8c37c45d7c6be2bc15832c4b162d030df1df6766b653df8cce9ba8ad14b3fa4f1edbd

Download Submit
memory/1132-78-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1204-61-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1204-51-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1876-86-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2328-64-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2328-62-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2328-75-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2448-35-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2448-26-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2924-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2924-8-0x0000000000220000-0x000000000024A000-memory.dmp

Filesize
168KB

Download
memory/2924-9-0x0000000000220000-0x000000000024A000-memory.dmp

Filesize
168KB

Download
memory/2940-39-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2940-49-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2940-37-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2988-24-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2988-18-0x0000000002250000-0x000000000227A000-memory.dmp

Filesize
168KB

Download
memory/2988-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2988-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download