Overview

overview

7

Static

static

3

66e7443943...cs.exe

windows7-x64

7

66e7443943...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 00:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66e74439431b93eb580ca55aca35a080_NeikiAnalytics.exe

  • Size

    39KB

  • MD5

    66e74439431b93eb580ca55aca35a080

  • SHA1

    ff84a8911e71ebecc1b34fea34eba61f03498105

  • SHA256

    905c623d9f447b44419a7aa199053cbacf2047d74dd74244792b9612a4b44c22

  • SHA512

    7bda86b3bd52700aaa4960e3fbc70dfd13b58c46520cfc614dfc7c3e5d9a907537759ea333d2ca017f700e7376d4a91f0771dca3b7dc4a8936572803e9eab86f

  • SSDEEP

    768:Q8eRHO9lFh0ul16sh7iQroCH/f+RjFBSuB2XL:Q9lOZ16sh7iQroCuRB0uK

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66e74439431b93eb580ca55aca35a080_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\66e74439431b93eb580ca55aca35a080_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3084
    • C:\Users\Admin\AppData\Local\Temp\bkgrnd.exe
      "C:\Users\Admin\AppData\Local\Temp\bkgrnd.exe"
      2⤵
      • Executes dropped EXE
      PID:3680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bkgrnd.exe
    Filesize

    39KB

    MD5

    a67fa545945c0d82f3e6bdc9a2ba2b72

    SHA1

    af94aeaaf2e8b2ea3bf6223556af62f6c837bade

    SHA256

    d4f8c509a039db1c6a8048350e31cd78c3a4b5b9155f00aecfe7ee647a2073d4

    SHA512

    b9c94657eede23b6eda91cc5ebc540281bfa8d0368f3038930e3aa9b55639f7ed51675b3a4e22b5368b4160163a12f1f6e0b9d9572adfc9b640fc494228853ed

    Download Submit

  • memory/3084-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3084-1-0x0000000004000000-0x0000000004006000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3084-2-0x0000000004000000-0x0000000004006000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3084-11-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3680-18-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download