Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-05-2024 00:48

General

  • Target

    6586c221f9b3accf6ae830cb91613b80_NeikiAnalytics.exe

  • Size

    138KB

  • MD5

    6586c221f9b3accf6ae830cb91613b80

  • SHA1

    84a082af45b9f3792454a798b84c1b6bc53079e7

  • SHA256

    25ce4ec60efeed3c0741fac7630bb73019807e6e1cb1536152a70bcf3d21467f

  • SHA512

    840e247cd0413e361a67855d4fec8cd2177ddd6a351fc6054859712d330fae4207bed8965369cbeeb339b09d64e6edc267ed38f14ebf7da30e98e861b8a74e77

  • SSDEEP

    1536:rC2/fYuPfbESFYXRWhpKRycRd57JkIqFHhzm4hWru/BzihhMN45MF5FvHP132xPH:r7YubEwYXRWhpAJUHhzm4hUukS6Kmec9

Score
8/10

Malware Config

Signatures

  • Stops running service(s) 4 TTPs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Launches sc.exe 4 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6586c221f9b3accf6ae830cb91613b80_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6586c221f9b3accf6ae830cb91613b80_NeikiAnalytics.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5064
    • C:\Windows\SysWOW64\sc.exe
      C:\Windows\system32\sc.exe stop SharedAccess
      2⤵
      • Launches sc.exe
      PID:3092
    • C:\Windows\SysWOW64\sc.exe
      C:\Windows\system32\sc.exe stop wscsvc
      2⤵
      • Launches sc.exe
      PID:220
    • C:\Windows\SysWOW64\1230\smss.exe
      C:\Windows\system32\1230\smss.exe -d
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:624
      • C:\Windows\SysWOW64\sc.exe
        C:\Windows\system32\sc.exe stop SharedAccess
        3⤵
        • Launches sc.exe
        PID:3268
      • C:\Windows\SysWOW64\sc.exe
        C:\Windows\system32\sc.exe stop wscsvc
        3⤵
        • Launches sc.exe
        PID:2120

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\1230\smss.exe

    Filesize

    138KB

    MD5

    71521cf7eec7763391afca3e9f283ad4

    SHA1

    735f1cc4c3bdca755aecf940ba5e8d7cb669bf15

    SHA256

    c58442c129744272708da58e788b6931416132ab846bbe6030e34d62a46c0b3e

    SHA512

    e2bff61c26edcf69fb1097f5d76855b708bed7b85fb54a2a25be583980350e330e392ee8c816b985ac1fe3311b37326afea2957c0dcfac4b37fd46749a2f84d8