Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240419-en
- resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
- submitted: 23-05-2024 02:38
Static task: static1
Behavioral task: behavioral1
- Sample: 799ded7ab061756ec352b390455502b0_NeikiAnalytics.exe
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: 799ded7ab061756ec352b390455502b0_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
General
- Target: 799ded7ab061756ec352b390455502b0_NeikiAnalytics.exe
- Size: 84KB
- MD5: 799ded7ab061756ec352b390455502b0
- SHA1: 3fa084bfb562cf685e36c8315dbcffcebb1483db
- SHA256: d5d7c497c59b164c45787c11c7e741d2f7cbad249743f1c96edaf9ad115fb65f
- SHA512: 35a76f716a6af39ed1e13b2372dc0e88c9c32fabbefca3484c4e0dd942b3511a53af2d9bff69f88de4481c71330b73f0290e548ea8583516df9d76e7600da718
- SSDEEP: 1536:GQ1Tzy48untU8fgMEI3jPYfPiuO8VqCoiK2AaC:GazltUArsaSPov2A1
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (12 IoCs)
  Processes: 799ded7ab061756ec352b390455502b0_NeikiAnalytics.exe, cmd.exe, iexpress.exe
  PID 1700 (799ded7ab061756ec352b390455502b0_NeikiAnalytics.exe) wrote to memory of PID 2120 (cmd.exe), 4 times
  PID 2120 (cmd.exe) wrote to memory of PID 2404 (iexpress.exe), 4 times
  PID 2404 (iexpress.exe) wrote to memory of PID 2648 (makecab.exe), 4 times
  Note: the 12 IoCs are four identical writes for each of the three parent-to-child pairs in the process tree below, so they coincide with process creation rather than indicating writes into an unrelated process.
Processes
- [1] PID 1700: C:\Users\Admin\AppData\Local\Temp\799ded7ab061756ec352b390455502b0_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\799ded7ab061756ec352b390455502b0_NeikiAnalytics.exe"
  Signatures: Suspicious use of WriteProcessMemory
  - [2] PID 2120: C:\Windows\SysWOW64\cmd.exe
    Command line: cmd /c ""C:\Users\Admin\AppData\Local\Temp\5FA.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\799ded7ab061756ec352b390455502b0_NeikiAnalytics.exe""
    Signatures: Suspicious use of WriteProcessMemory
    - [3] PID 2404: C:\Windows\SysWOW64\iexpress.exe
      Command line: iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
      Signatures: Suspicious use of WriteProcessMemory
      - [4] PID 2648: C:\Windows\SysWOW64\makecab.exe
        Command line: C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
Note: the bracketed number is the depth in the tree. The makecab.exe command line carries the literal, unexpanded string %TargetName%, and the dropped-file list below shows the DDF was in fact written under the name ~%TargetName%.DDF, so the SED's TargetName variable was never substituted.
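Detection logic for the cmd.exe to iexpress.exe to makecab.exe chain shown in the process tree. This is an added example, not part of the sandbox report: the event records are constructed by hand from the report's PIDs and command lines, the parent PID of the sample (1) is a placeholder the report does not give, and the ProcEvent field names are an assumed normalised schema rather than any particular EDR's format.

```python
"""Flag the batch -> IExpress -> MakeCAB chain from process-creation events.

Added example; the events are constructed from the report's process tree.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TEMP + r"\799ded7ab061756ec352b390455502b0_NeikiAnalytics.exe"

# Constructed from the report's process tree. ppid=1 for the root is an
# assumption: the report does not show what launched the sample.
EVENTS = [
    ProcEvent(1700, 1, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(2120, 1700, r"C:\Windows\SysWOW64\cmd.exe",
              f'cmd /c ""{TEMP}\\5FA.tmp\\1.bat" "{SAMPLE}""'),
    ProcEvent(2404, 2120, r"C:\Windows\SysWOW64\iexpress.exe",
              f"iexpress /n /q /m {TEMP}\\popup.sed"),
    ProcEvent(2648, 2404, r"C:\Windows\SysWOW64\makecab.exe",
              r'C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"'),
]

# A %NAME% token surviving into a command line means a SED/batch variable
# was never expanded (the report shows this literally for %TargetName%).
UNEXPANDED_VAR = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")
# cmd.exe running a .bat out of a %TEMP%\<x>.tmp\ scratch directory.
BAT_IN_TMP_DIR = re.compile(r"\\temp\\[^\\]+\.tmp\\[^\"]+\.bat", re.I)
USER_TEMP = "\\appdata\\local\\temp\\"


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def ancestry(events, pid):
    """Return image names from pid up to the root: [child, parent, ...]."""
    by_pid = {e.pid: e for e in events}
    chain = []
    while pid in by_pid:
        e = by_pid[pid]
        chain.append(basename(e.image))
        pid = e.ppid
    return chain


def detect(events):
    """Return (pid, rule_name) pairs for every event that matches a rule."""
    findings = []
    by_pid = {e.pid: e for e in events}
    for e in events:
        name = basename(e.image)
        parent = by_pid.get(e.ppid)
        pname = basename(parent.image) if parent else ""
        cmd = e.cmdline.lower()

        # Rule 1: IExpress run quietly (/q) on a .sed under a user Temp dir.
        if name == "iexpress.exe" and "/q" in cmd and ".sed" in cmd and USER_TEMP in cmd:
            findings.append((e.pid, "iexpress_quiet_sed_from_temp"))

        # Rule 2: MakeCAB spawned by IExpress, plus the unexpanded-variable tell.
        if name == "makecab.exe" and pname == "iexpress.exe":
            findings.append((e.pid, "makecab_child_of_iexpress"))
            if UNEXPANDED_VAR.search(e.cmdline):
                findings.append((e.pid, "unexpanded_variable_in_ddf_path"))

        # Rule 3: cmd.exe executing a .bat from %TEMP%\*.tmp\, parented by an
        # executable that itself lives in the user's Temp directory.
        if (name == "cmd.exe" and BAT_IN_TMP_DIR.search(e.cmdline)
                and parent is not None and USER_TEMP in parent.image.lower()):
            findings.append((e.pid, "cmd_bat_from_temp_tmp_dir"))
    return findings


if __name__ == "__main__":
    for pid, rule in detect(EVENTS):
        print(pid, rule, " <- ".join(ancestry(EVENTS, pid)))
```

IExpress and MakeCAB are signed Windows binaries that administrators legitimately use to build packages, so rules 1 and 2 are hunting signals rather than block-on-sight indicators; rule 3 and the unexpanded-variable check are what separate this chain from an ordinary package build.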
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\5FA.tmp\1.bat
  Filesize: 1KB
  MD5: 02dba5f37067292355c6d01a57d4ef48
  SHA1: 7c67ab3f99fbf7a53018dd295d2968c525db83d9
  SHA256: 8b74c812ba9e6c536da7edd4101e7e0dddeab8355e5aff095dd31b3f00560242
  SHA512: 12201f949ee3198c8f4b39cc8edf90a114ecf42ddd5383ed0b87e4c78053cd517786dc7af83557e63a0483af74f4c0117d5568441ae761ff6958e758704d602a
- C:\Users\Admin\AppData\Local\Temp\popup.sed
  Filesize: 84KB
  MD5: 1b4b39904ed75dcfd748bf4f243065c2
  SHA1: f6678055f4959dfe8ac26d58ab8339c509ea7105
  SHA256: b2a513ee8fa9b321b01f5c5e58bd4ff6f4ed0da15cd2153d6b8c927d6c6c88ba
  SHA512: b870760a1daab9988a2a8c31c9f97b49a67ffcedf189bbf9adf746bcd3657936a5d7d2d0e6bc3531563e3f35343e0a0261b93e70a6a05b628295c15a96021461
- C:\Users\Admin\AppData\Local\Temp\~%TargetName%.DDF
  Filesize: 724B
  MD5: c3ca008abd6997c4b036a7e8be75cb2c
  SHA1: 05f7a3527bb04c691b08f040f562582035398829
  SHA256: 29ef6bf47dcc8c67f1abe1b269d3518d6a4ebe125daa1ea460779638cb9782a3
  SHA512: bee0baf3cb83144239077f99f5ca2a6ca7b618f7f51a53e03613ae697e8bc76fa28f5d006296b469be8e1fffeeb35668b5fe87b260b1380cc003815ea9efb083
- memory/1700-0-0x0000000000400000-0x0000000000413000-memory.dmp
  Filesize: 76KB
- memory/1700-17-0x0000000000400000-0x0000000000413000-memory.dmp
  Filesize: 76KB