Overview

overview

7

Static

static

3

5adc08d4af...cs.exe

windows7-x64

7

5adc08d4af...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 14:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5adc08d4af3b348fb5fcdc6105621030_NeikiAnalytics.exe

  • Size

    30KB

  • MD5

    5adc08d4af3b348fb5fcdc6105621030

  • SHA1

    60ebee56f2e408b9c68cf047905d46a28ec4d81e

  • SHA256

    a291961d6bb94946c6697806aef4c01168032a718ceaf2dbe30ea4217e8dd972

  • SHA512

    b0e0e75d735e127ebe4f800e8ffa0dcd72b995ce20dda31e02acaf4d56a2c7b2ad0d332c11705aa66ecf25b733fb692bfca8935f59a5c0fc9dee8ed00226de17

  • SSDEEP

    768:/qPJtUA6C1VqahohtgVRNToV7TtRu8rM0wYVFl2g5coW58dO0xXHV2EfKhJJhgcv:/q0A6C1VqaqhtgVRNToV7TtRu8rM0wYk

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5adc08d4af3b348fb5fcdc6105621030_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5adc08d4af3b348fb5fcdc6105621030_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Windows\microsofthelp.exe
      "C:\Windows\microsofthelp.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\microsofthelp.exe
    Filesize

    30KB

    MD5

    c847714a6725910dec675fd608621fcf

    SHA1

    410ba977d38a48de9848d7555582cd17c3bcbe6e

    SHA256

    f4a5cddb9bd578e261bb8645151f83eedbf037ebe833112696a4e46d68adee57

    SHA512

    1fa0769abfaee4c36330fb6a8ee0c86411d37160a6bfd943006f824350a7d81ab68d646fccaccc7bb9c0061cde2480b8bfba31ea744a71bd97bb543a58e064ff

    Download Submit

  • memory/1728-0-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1728-6-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2420-8-0x0000000000400000-0x0000000000403000-memory.dmp

    Filesize

    12KB

    Download