12317987cfec4b474be8636e3fd24c8a2866c0a53a2e440c6415daf1853f7d26

Analysis

max time kernel
126s
max time network
151s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:26

Target

6cef5932945e088341d8ff8c72333be0_NeikiAnalytics.exe
Size

37KB
MD5

6cef5932945e088341d8ff8c72333be0
SHA1

a0db9aa71231fc3974b86a6f6c3ff3e482b3c2f5
SHA256

12317987cfec4b474be8636e3fd24c8a2866c0a53a2e440c6415daf1853f7d26
SHA512

4ee0843d519fce6d74e5d8c93493bab922dac688cc7cfbe104997b3dc71f7cb58c485011a8d1d63772261f7cfb61caafd3f8ef44d62353c8892c461933b461bc
SSDEEP

768:fTz7y3lhsT+hs1SQtOOtEvwDpjfAu9+44:fT+hsMQMOtEvwDpjoIH4

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

misid.exe

pid process

3040 misid.exe
Loads dropped DLL 1 IoCs

Processes:

6cef5932945e088341d8ff8c72333be0_NeikiAnalytics.exe

pid process

2276 6cef5932945e088341d8ff8c72333be0_NeikiAnalytics.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3040	misid.exe

pid	process
2276	6cef5932945e088341d8ff8c72333be0_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

6cef5932945e088341d8ff8c72333be0_NeikiAnalytics.exe

description	pid	process	target process
PID 2276 wrote to memory of 3040	2276	6cef5932945e088341d8ff8c72333be0_NeikiAnalytics.exe	misid.exe
PID 2276 wrote to memory of 3040	2276	6cef5932945e088341d8ff8c72333be0_NeikiAnalytics.exe	misid.exe
PID 2276 wrote to memory of 3040	2276	6cef5932945e088341d8ff8c72333be0_NeikiAnalytics.exe	misid.exe
PID 2276 wrote to memory of 3040	2276	6cef5932945e088341d8ff8c72333be0_NeikiAnalytics.exe	misid.exe

C:\Users\Admin\AppData\Local\Temp\misid.exe
"C:\Users\Admin\AppData\Local\Temp\misid.exe"
2⤵
- Executes dropped EXE
PID:3040

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
37KB

MD5
da22a9f7ecfaf4959ae62a0047525c8a

SHA1
fc6a6aaa5a7f2f0fe7cc807696a0d94f91348900

SHA256
ae512eeb48d9e033f719f5753a4a3e6e24362833638c2921e726f18ed4342712

SHA512
5c3f31c70164ed5640bf1e97731eefe2404f0c8b7d70675d99e6603fcef51c8920f56241c1abdb2e2869fcad9a83f8625d510ac5b0c539cc407372528fb288a5

Download Submit
memory/2276-0-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/2276-1-0x0000000000370000-0x0000000000376000-memory.dmp

Filesize
24KB

Download
memory/2276-8-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/3040-22-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/3040-15-0x0000000000310000-0x0000000000316000-memory.dmp

Filesize
24KB

Download