Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
23-05-2024 20:14
Static task
static1
Behavioral task
behavioral1
Sample
f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe
-
Size
589KB
-
MD5
f80435b0c2cfce1e973d5cf64bfc2980
-
SHA1
78d86d3178d1b3c8c6472ad49e07481774e008a9
-
SHA256
b874b003637e4b635eb40832f962b8bde114e7a8242fa8c596b3767f0052831f
-
SHA512
59fbaf1555c8ad1b6cd06817719b97dae2f372e8d2f26f7d1e9ac6213a724ab0ff7ccfc2eb8a9027251f4e91120df50c64c36c8ca6fae82c5d8c07df15d9b6e5
-
SSDEEP
12288:jWBm+95nHfF2mgewFd5OqDT2Z9I7VfaDWFCYn1kfgjdkAz3ULmxzBXpsQDAp:jWBz95ndbgfd5Og2Z9KBoWFCPgjTz3UP
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2996 13BF.tmp -
Executes dropped EXE 1 IoCs
pid Process 2996 13BF.tmp -
Loads dropped DLL 1 IoCs
pid Process 292 f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 292 wrote to memory of 2996 292 f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe 28
PID 292 wrote to memory of 2996 292 f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe 28
PID 292 wrote to memory of 2996 292 f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe 28
PID 292 wrote to memory of 2996 292 f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:292 -
C:\Users\Admin\AppData\Local\Temp\13BF.tmp
"C:\Users\Admin\AppData\Local\Temp\13BF.tmp" --pingC:\Users\Admin\AppData\Local\Temp\f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe 9E8A427ADB1168C06D2794427883EB02C45571902C45750186C2D5D6143D80B54CF0DBAAB2E8583546598E3298BF80DD4B47456D0DEF8AF6A4DD083502FDE4B1
- Deletes itself
- Executes dropped EXE
PID:2996
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
589KB
MD5 85f3399acb68ea4f5dcbe0e3340e2e61
SHA1 209dcec5becb0546b50bb1bfd4c5b5fdcd27eb63
SHA256 c03cbca27cb615d4c08c7e09a28afb9fb6548be697f3fe73f268a5b2b82741cf
SHA512 cba08d63ba26a48bdebffb8ac06eca9b4f73c75563540004112dac2bf8d25299ad393c05c9fbf78643a8e30b8f1d5db1c18147e203c0629d5249f3640b929844