da0fa8cd0958296e687a14fba775381b92ce230523c9af6515e7291e76e2a178

Analysis

max time kernel
148s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

532c5c250ba1f56eb80a386e9eaa4f80_NeikiAnalytics.exe
Size

52KB
MD5

532c5c250ba1f56eb80a386e9eaa4f80
SHA1

41c23b64743ef1be208afa33dbe58e7b77306f9c
SHA256

da0fa8cd0958296e687a14fba775381b92ce230523c9af6515e7291e76e2a178
SHA512

9b6a4ed25cef18b543cd7ae2b88a340ee273d16b23048ebbbe53a5c6ec47e1af5abd1cbbb175f29fdeb0bc5c0b016420a3b1658969c0431239fa09862db92aae
SSDEEP

1536:0eqPjXRrs9sINeZEtejlIkoLN127BFVn2p4lAnZ8VHfr0XGd:jqPjXRrs9sINeZEtejlIkoLN127BFVnX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2088	google_updater.exe

Loads dropped DLL 1 IoCs

pid	Process
3056	532c5c250ba1f56eb80a386e9eaa4f80_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2088	3056	532c5c250ba1f56eb80a386e9eaa4f80_NeikiAnalytics.exe	28
PID 3056 wrote to memory of 2088	3056	532c5c250ba1f56eb80a386e9eaa4f80_NeikiAnalytics.exe	28
PID 3056 wrote to memory of 2088	3056	532c5c250ba1f56eb80a386e9eaa4f80_NeikiAnalytics.exe	28
PID 3056 wrote to memory of 2088	3056	532c5c250ba1f56eb80a386e9eaa4f80_NeikiAnalytics.exe	28
PID 3056 wrote to memory of 2088	3056	532c5c250ba1f56eb80a386e9eaa4f80_NeikiAnalytics.exe	28
PID 3056 wrote to memory of 2088	3056	532c5c250ba1f56eb80a386e9eaa4f80_NeikiAnalytics.exe	28
PID 3056 wrote to memory of 2088	3056	532c5c250ba1f56eb80a386e9eaa4f80_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\532c5c250ba1f56eb80a386e9eaa4f80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\532c5c250ba1f56eb80a386e9eaa4f80_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Users\Admin\AppData\Local\Temp\google_updater.exe
  "C:\Users\Admin\AppData\Local\Temp\google_updater.exe"
  2⤵
  - Executes dropped EXE
  PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\google_updater.exe

Filesize
53KB

MD5
54b5cee9831d3c70fd6552836c8cd162

SHA1
cdf5737f4c5023a96122f4a9ca4361522e59b7e8

SHA256
97442da9f5f660ecb7ccf6ec8b9f6067634d34519d2e1e718eeb59513a5e384c

SHA512
c609e70a900d8552f63c12fecfc3380d3034b0617de24245c68570a6c010adcb2393685b6a2f1e22c047fe5e1ee1bdca067c95ecce23845a09d436828ebcc487

Download Submit
memory/2088-8-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3056-1-0x0000000000402000-0x0000000000403000-memory.dmp

Filesize
4KB

Download