5395332dd67677a7030bcd79234522d62ac889ae7a0493bfab671fa5f8bae58e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe
Size

65KB
MD5

69c318a109e77e1d55dc0c53236effc0
SHA1

cfce4537cbb3cfbb7fbdffac51f61bd0ec1cbef5
SHA256

5395332dd67677a7030bcd79234522d62ac889ae7a0493bfab671fa5f8bae58e
SHA512

496b55853e810e262eab80ff276ebce90c6b5108d45b40e31a70a525ca41123f4d888c794f637c919a05c8738014350ccc0e6ed53624795c101140c53b91b33a
SSDEEP

768:eeJIvFKPZo2rmEasjcj29NWngAHxcw9ppEaxglaX5uA6:eQIvEPZovEad29NQgA2wQle5i

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

ewiuer2.exeewiuer2.exeewiuer2.exe

pid process

5112 ewiuer2.exe
4308 ewiuer2.exe
1836 ewiuer2.exe
Drops file in System32 directory 2 IoCs

Processes:

ewiuer2.exeewiuer2.exe

description ioc process

File created C:\Windows\SysWOW64\ewiuer2.exe ewiuer2.exe
File opened for modification C:\Windows\SysWOW64\viesazm.mpk ewiuer2.exe

pid	process
5112	ewiuer2.exe
4308	ewiuer2.exe
1836	ewiuer2.exe

description	ioc	process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exeewiuer2.exe

description	pid	process	target process
PID 548 wrote to memory of 5112	548	69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe	ewiuer2.exe
PID 548 wrote to memory of 5112	548	69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe	ewiuer2.exe
PID 548 wrote to memory of 5112	548	69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe	ewiuer2.exe
PID 5112 wrote to memory of 4308	5112	ewiuer2.exe	ewiuer2.exe
PID 5112 wrote to memory of 4308	5112	ewiuer2.exe	ewiuer2.exe
PID 5112 wrote to memory of 4308	5112	ewiuer2.exe	ewiuer2.exe

C:\Users\Admin\AppData\Local\Temp\69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\69c318a109e77e1d55dc0c53236effc0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:548

C:\Users\Admin\AppData\Roaming\ewiuer2.exe
C:\Users\Admin\AppData\Roaming\ewiuer2.exe
2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:5112

C:\Windows\SysWOW64\ewiuer2.exe
C:\Windows\System32\ewiuer2.exe
3⤵
- Executes dropped EXE
PID:4308

C:\Windows\SysWOW64\ewiuer2.exe
C:\Windows\SysWOW64\ewiuer2.exe /nomove
4⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe
Filesize
65KB

MD5
ded11d79b332679d9216c696eea0c85c

SHA1
a8f42e91e94c01a6e8b5d8dff77ba1677dc460dd

SHA256
4a797e14b860d70ec42a932d8d0ecb3267076c02201fe4aed678386c2673b42e

SHA512
dd2ba1a507fb7ff3214720487ae1be3ecde0b5ec0ca1657cc053644befd5a2c02213b34fc7fb2e90d6b6293e34a68034113dc0fa985a1a80ef67ddd7eb4c0a9e

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe
Filesize
65KB

MD5
86faff6f14cd222debf030699bfd32c3

SHA1
83c1fbcfcbd0b0a2749358aa29871e00d922c6d7

SHA256
e51470860c0e1f6a81666bbbda9b3f789a0d0043d256d2363f0819edbfe9871f

SHA512
eceb7415e0258020fc0db6da9813aab7ced21bae361de80051ff75dbcc50f9d52c036f4e1b4d59e297a75e7c35edde8fc74ece4b356eaae05ee842c9687e0765

Download Submit
memory/548-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/548-3-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1836-17-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4308-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4308-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/4308-15-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/5112-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/5112-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/5112-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download