Overview

overview

7

Static

static

3

060c986276...cs.exe

windows7-x64

7

060c986276...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 15:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    060c986276aa44d4e3cb03e41beb05d0_NeikiAnalytics.exe

  • Size

    396KB

  • MD5

    060c986276aa44d4e3cb03e41beb05d0

  • SHA1

    7de71e0101fb3c1f82fb1a62075cf17d800c068c

  • SHA256

    cdce607fba8f50f2947044ab013be3ae0eb4ca41d0dfb2ac3b82755256a1be8b

  • SHA512

    008169561a55fd9e1a3a56d3115aed7d28d792c4719a5c420e9881e83012f56d8ab7b48d53a3d4e3d54775dd1e8cb54ce922ed230b4cd3e2c4a85e483adde3d1

  • SSDEEP

    6144:4jlYKRF/LReWAsUyqkVRY/Je4q3WaIFPU797:4jauDReWT3qJVnayY7

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\060c986276aa44d4e3cb03e41beb05d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\060c986276aa44d4e3cb03e41beb05d0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\ProgramData\iyrxba.exe
      "C:\ProgramData\iyrxba.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Documents and Settings .exe
    Filesize

    396KB

    MD5

    8f95661e99e4e79e6cc50cc5f781874b

    SHA1

    2f27a6db31a8f53e00fc9f38ffef32a31cf4c1a1

    SHA256

    caf1239ee107e5ad4ff28853271262b67d4c51cb35af79e84acd3bb8ca605e66

    SHA512

    0ef9cc11b7655305762adeecd2c84a922657d3be44a8fe26aa995cd1f02250ff2af98e7224b784ac2a4412aee97e05844746c7cfe21553e65ba3c8a1616c96ab

    Download Submit

  • C:\ProgramData\Saaaalamm\Mira.h
    Filesize

    136KB

    MD5

    cb4c442a26bb46671c638c794bf535af

    SHA1

    8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

    SHA256

    f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

    SHA512

    074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

    Download Submit

  • \ProgramData\iyrxba.exe
    Filesize

    259KB

    MD5

    467e68a4ba2ed7a47566459af9c591d8

    SHA1

    bb460cc81779e0e8b96adc63dd197c64671ff190

    SHA256

    389d64aa54264ff60c0c85897996186be80b306f43a8914fdbb3c446a28fd258

    SHA512

    4bd83d29cdc2d48e4ec9b4b24c79e9ce80b4048421b609050d3921c08f38ece996df684d98ff3ac016d2a17d5e066bd4160ce79187d9f82ccee7dd6d0c10af13

    Download Submit

  • memory/620-133-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2768-0-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2768-1-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download

  • memory/2768-14-0x0000000000400000-0x0000000000474000-memory.dmp

    Filesize

    464KB

    Download