270f8e6e7e7cb713e5ad808daca88b8c59a05b0a302e2320c04863024e37f6e9

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:25

Target

77890f1b96a9bd5cf6543c35f1f60240_NeikiAnalytics.exe
Size

26KB
MD5

77890f1b96a9bd5cf6543c35f1f60240
SHA1

c73e42743a9a2d2bd4a90bfd37b7370d730ff8a6
SHA256

270f8e6e7e7cb713e5ad808daca88b8c59a05b0a302e2320c04863024e37f6e9
SHA512

53226b905e11abf37e7b20a033d78b875333c197231956934a4640f69fd92b3d7e90c7f03ea53f8cc04a68c6ce91d6adcfe046e561afe6ec314dfef50816470d
SSDEEP

384:WQoEmqWUIncBpEzjvehWtFx7UJxlfS+Ui0MX97nw:WQEqsncbKjW8tz7axlfSri/Xxw

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

psie.exe

pid process

2576 psie.exe
Loads dropped DLL 1 IoCs

Processes:

77890f1b96a9bd5cf6543c35f1f60240_NeikiAnalytics.exe

pid process

1920 77890f1b96a9bd5cf6543c35f1f60240_NeikiAnalytics.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2576	psie.exe

pid	process
1920	77890f1b96a9bd5cf6543c35f1f60240_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

77890f1b96a9bd5cf6543c35f1f60240_NeikiAnalytics.exe

description	pid	process	target process
PID 1920 wrote to memory of 2576	1920	77890f1b96a9bd5cf6543c35f1f60240_NeikiAnalytics.exe	psie.exe
PID 1920 wrote to memory of 2576	1920	77890f1b96a9bd5cf6543c35f1f60240_NeikiAnalytics.exe	psie.exe
PID 1920 wrote to memory of 2576	1920	77890f1b96a9bd5cf6543c35f1f60240_NeikiAnalytics.exe	psie.exe
PID 1920 wrote to memory of 2576	1920	77890f1b96a9bd5cf6543c35f1f60240_NeikiAnalytics.exe	psie.exe

C:\Users\Admin\AppData\Local\Temp\77890f1b96a9bd5cf6543c35f1f60240_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\77890f1b96a9bd5cf6543c35f1f60240_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Users\Admin\AppData\Local\Temp\psie.exe
  "C:\Users\Admin\AppData\Local\Temp\psie.exe"
  2⤵
  - Executes dropped EXE
  PID:2576

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\psie.exe

Filesize
26KB

MD5
3ffb74775c1f058897ebc8c09bb557d8

SHA1
5e2b7bff659ace5cb10ec26635b2ddb2894df6ad

SHA256
b6b18f48e5b3365e3d4551502c795db58688f12699f164129746829ffb40b1e2

SHA512
d62a68499cec55da5e83d9c92c165ba3ad82d6e1ffc4cecad4ead3ac57372b90977924a7f291bc7abb74487d8fd0742d48e07595dec34fba439d2eceab6fb621

Download Submit
memory/1920-0-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1920-2-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/1920-7-0x0000000001E00000-0x0000000001E07000-memory.dmp

Filesize
28KB

Download
memory/1920-9-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2576-10-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2576-12-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download