Overview

overview

7

Static

static

3

81e28232e0...cs.exe

windows7-x64

7

81e28232e0...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 03:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    81e28232e0556eb0385f23d2900b3c00_NeikiAnalytics.exe

  • Size

    805KB

  • MD5

    81e28232e0556eb0385f23d2900b3c00

  • SHA1

    0533aa69b50cbfeecb4c76ba81936d43884f8d06

  • SHA256

    11eee46ccd42bb8b8e7c93b401450975770f7b7ab8811d4ec3dbe3ac90a4f2c1

  • SHA512

    b51eff6bf2d94816dd45003d8bff50e9eacbc42ee0c537e01fdca081a72bcccf3c9856061f1ad1f530f5fe57a3ae929f279127d2ba042f46017513a45c98f3eb

  • SSDEEP

    12288:HlGp0BpeSMIO74u8k7UtnzPgGeB0dPoIlaNyF/ofCVGGfX134R9kMKy:HXHet/HU9zPjeidP1Yi/dGyA

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\81e28232e0556eb0385f23d2900b3c00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\81e28232e0556eb0385f23d2900b3c00_NeikiAnalytics.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
      2⤵
      • Program crash
      PID:1672
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:3004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\System32\alg.exe
    Filesize

    644KB

    MD5

    fbb77ee97f353b049cfef3613efdfa53

    SHA1

    71ed96cb0b6dcd2a367a5f3e620436e67a5a0b54

    SHA256

    880a67d0a144d15f499ed771a0d70faaedb57cb3662313bb1bc1eff895a37dac

    SHA512

    730b15dbe83371aecc57471f085b277d9f2d50951789e65fc3d759ad0472d4b60590b894072627539befda7543ff7df670b98c3bcd5cb584e49f93d53b0bc7d0

    Download Submit
  • memory/2184-0-0x0000000000400000-0x00000000004CE000-memory.dmp
    Filesize

    824KB

    Download
  • memory/2184-1-0x00000000004D0000-0x0000000000537000-memory.dmp
    Filesize

    412KB

    Download
  • memory/2184-6-0x00000000004D0000-0x0000000000537000-memory.dmp
    Filesize

    412KB

    Download
  • memory/2184-22-0x0000000000400000-0x00000000004CE000-memory.dmp
    Filesize

    824KB

    Download
  • memory/3004-12-0x0000000100000000-0x00000001000A4000-memory.dmp
    Filesize

    656KB

    Download
  • memory/3004-19-0x0000000000840000-0x00000000008A0000-memory.dmp
    Filesize

    384KB

    Download
  • memory/3004-13-0x0000000000840000-0x00000000008A0000-memory.dmp
    Filesize

    384KB

    Download
  • memory/3004-23-0x0000000100000000-0x00000001000A4000-memory.dmp
    Filesize

    656KB

    Download