Overview

overview

7

Static

static

3

f80435b0c2...cs.exe

windows7-x64

7

f80435b0c2...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/05/2024, 20:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe

  • Size

    589KB

  • MD5

    f80435b0c2cfce1e973d5cf64bfc2980

  • SHA1

    78d86d3178d1b3c8c6472ad49e07481774e008a9

  • SHA256

    b874b003637e4b635eb40832f962b8bde114e7a8242fa8c596b3767f0052831f

  • SHA512

    59fbaf1555c8ad1b6cd06817719b97dae2f372e8d2f26f7d1e9ac6213a724ab0ff7ccfc2eb8a9027251f4e91120df50c64c36c8ca6fae82c5d8c07df15d9b6e5

  • SSDEEP

    12288:jWBm+95nHfF2mgewFd5OqDT2Z9I7VfaDWFCYn1kfgjdkAz3ULmxzBXpsQDAp:jWBz95ndbgfd5Og2Z9KBoWFCPgjTz3UP

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:644
    • C:\Users\Admin\AppData\Local\Temp\5302.tmp
      "C:\Users\Admin\AppData\Local\Temp\5302.tmp" --pingC:\Users\Admin\AppData\Local\Temp\f80435b0c2cfce1e973d5cf64bfc2980_NeikiAnalytics.exe 5EE405DFF10900BD38E8864795A51F1C524FA1932F69C0C3B64F03EFB74EDD6391380DBAEEB84DE1BDD811D0FCF7A57A90ABCBD22C2F0A3010F1BC4A2104A363
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2068

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\5302.tmp
          Filesize

          589KB

          MD5

          59b15f2b0dd7c5b55e366f0569910e17

          SHA1

          bd441ff23753a5ec3dadf075dd589481e53c1c32

          SHA256

          8c27160275eaffced14598b3a38ea8a55fb05ccf23d26cd83ee5b7d00091e292

          SHA512

          12a691e37525fd9fc1f5ee717500a0901db4e5fba077260d7e73c39da5ff4c33800917c584ad5b1aa6dec878e64416c0c7918e285678a8078c16d50c0070c8d8

          Download Submit

        • memory/644-0-0x0000000000400000-0x0000000000492000-memory.dmp

          Filesize

          584KB

          Download

        • memory/644-5-0x0000000000400000-0x0000000000492000-memory.dmp

          Filesize

          584KB

          Download

        • memory/2068-6-0x0000000000400000-0x0000000000492000-memory.dmp

          Filesize

          584KB

          Download

        • memory/2068-7-0x0000000000400000-0x0000000000492000-memory.dmp

          Filesize

          584KB

          Download