4c741fb422e83d54ea7d056d666a7f98f23963e376d735a607f16eb532fd8a29

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61d671dbfc714b55cdd68ee0441e41d0_NeikiAnalytics.exe
Size

82KB
MD5

61d671dbfc714b55cdd68ee0441e41d0
SHA1

c930acea71ad23103714fe16e177d82dd5d730ce
SHA256

4c741fb422e83d54ea7d056d666a7f98f23963e376d735a607f16eb532fd8a29
SHA512

2f8db36e05892d065a88bf749f030bba9bfb30ca677805cee19382f8024310aee38669aa8ef965f5b3f849695a8a8f89b3290f509ebd504df95d5638bf8e7e3b
SSDEEP

1536:zj+soPSMOtEvwDpj4ktBl01hJ0tq1ky7QpB:zCsanOtEvwDpjb

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

misid.exe

pid process

3020 misid.exe
Loads dropped DLL 1 IoCs

Processes:

61d671dbfc714b55cdd68ee0441e41d0_NeikiAnalytics.exe

pid process

2380 61d671dbfc714b55cdd68ee0441e41d0_NeikiAnalytics.exe

pid	process
3020	misid.exe

pid	process
2380	61d671dbfc714b55cdd68ee0441e41d0_NeikiAnalytics.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2380-8-0x0000000000500000-0x0000000000510000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\misid.exe	upx
behavioral1/memory/3020-15-0x0000000000500000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/3020-25-0x0000000000500000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

61d671dbfc714b55cdd68ee0441e41d0_NeikiAnalytics.exe

description	pid	process	target process
PID 2380 wrote to memory of 3020	2380	61d671dbfc714b55cdd68ee0441e41d0_NeikiAnalytics.exe	misid.exe
PID 2380 wrote to memory of 3020	2380	61d671dbfc714b55cdd68ee0441e41d0_NeikiAnalytics.exe	misid.exe
PID 2380 wrote to memory of 3020	2380	61d671dbfc714b55cdd68ee0441e41d0_NeikiAnalytics.exe	misid.exe
PID 2380 wrote to memory of 3020	2380	61d671dbfc714b55cdd68ee0441e41d0_NeikiAnalytics.exe	misid.exe

C:\Users\Admin\AppData\Local\Temp\61d671dbfc714b55cdd68ee0441e41d0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\61d671dbfc714b55cdd68ee0441e41d0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2380

C:\Users\Admin\AppData\Local\Temp\misid.exe
"C:\Users\Admin\AppData\Local\Temp\misid.exe"
2⤵
- Executes dropped EXE
PID:3020

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe
Filesize
82KB

MD5
be25606bacd978c555a29c97d31109db

SHA1
ec520b889d02f9f4ccb58f83c0053c023ef685fc

SHA256
25faf4a5ba4264a9fbb9a24cc11abe07ec148171dce90e8cc1262ad60f8a85bd

SHA512
2709c4a7ba68a34f95dfe4169b0273f18e1152fb87cd15161a4a253d076ecabe549a04130b744b5376314728809b88b68e38061aad52dda294b60c1d1196c534

Download Submit
memory/2380-0-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/2380-1-0x00000000004A0000-0x00000000004A6000-memory.dmp

Filesize
24KB

Download
memory/2380-9-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/2380-8-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3020-15-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download
memory/3020-17-0x0000000000410000-0x0000000000416000-memory.dmp

Filesize
24KB

Download
memory/3020-24-0x00000000001E0000-0x00000000001E6000-memory.dmp

Filesize
24KB

Download
memory/3020-25-0x0000000000500000-0x0000000000510000-memory.dmp

Filesize
64KB

Download