Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
25/05/2024, 01:10
Behavioral task
behavioral1
Sample
edfbc0c5073f338dac135558b5421d20_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
edfbc0c5073f338dac135558b5421d20_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
edfbc0c5073f338dac135558b5421d20_NeikiAnalytics.exe
-
Size
99KB
-
MD5
edfbc0c5073f338dac135558b5421d20
-
SHA1
2f195b2a03b132b981f4d27c53d239da7ee9ab36
-
SHA256
65a253187fe1060de4a7ba0e2efbaee4836630264c5cb6501438f15b9680e577
-
SHA512
fea8098fac0de161d0c2cda663d6bef3c0dcb0d18c3e0b05cce98639a8c3661a1661b1d11916db66e4b31b874c21e6d858370884b284525c899a2c5f205f498a
-
SSDEEP
1536:4Cd+qitb0bt+FTCQ2j9EvHsdX+u1X20n2eN6wrBXBuOX8pK6fXU:H4b0hR9EE1+u1X2q2e3rB
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
PID 2476  conwurm.exe -
Loads dropped DLL 1 IoCs
PID 1984  edfbc0c5073f338dac135558b5421d20_NeikiAnalytics.exe -
resource yara_rule (5 matches, rule upx)
behavioral1/memory/1984-0-0x0000000000400000-0x0000000000415000-memory.dmp  upx
behavioral1/files/0x000c000000015cd2-6.dat  upx
behavioral1/memory/1984-7-0x0000000001F50000-0x0000000001F65000-memory.dmp  upx
behavioral1/memory/1984-11-0x0000000000400000-0x0000000000415000-memory.dmp  upx
behavioral1/memory/2476-15-0x0000000000400000-0x0000000000415000-memory.dmp  upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description                        PID   Process                                              procid_target
PID 1984 wrote to memory of 2476   1984  edfbc0c5073f338dac135558b5421d20_NeikiAnalytics.exe  29
(the same event is recorded four times: same source PID, target PID and procid_target)
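The yara matches above (rule upx, on the dropped file and on the 0x400000-0x415000 image of both PIDs) point at a UPX-packed binary. The following Python is an added example, not part of this report or of the sandbox's own signature code: it reads a PE section table and reports whether any section carries the names the UPX packer uses. The PE image it builds is constructed test data, not the analysed sample. A yara upx rule typically keys on these same section names or on the decompression stub, so a packer build with renamed sections defeats both this check and that rule; treat a negative result as "not stock UPX", not "not packed".

```python
import struct

SECTION_HEADER_SIZE = 40
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def build_pe(section_names, opt_header_size=224):
    """Build a minimal, non-runnable PE32 image with the given section names.
    Constructed test data only; this is not the sample from the report."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)          # e_lfanew -> PE header
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       opt_header_size, 0x102)
    opt = bytearray(opt_header_size)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    sections = b""
    for i, name in enumerate(section_names):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
        # NumberOfLinenumbers, Characteristics
        sections += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                                0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i,
                                0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


def section_names(data):
    """Return the section names of a PE image (file on disk or a memory dump
    of the mapped image; the section table is the same in both)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # SizeOfOptionalHeader
    first = e_lfanew + 24 + opt_size                             # start of section table
    names = []
    for i in range(nsec):
        off = first + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data):
    """True if any section carries a stock UPX section name."""
    return any(n in UPX_SECTION_NAMES for n in section_names(data))


if __name__ == "__main__":
    packed = build_pe([b"UPX0", b"UPX1", b".rsrc"])
    plain = build_pe([b".text", b".data", b".rsrc"])
    print(section_names(packed), looks_upx_packed(packed))
    print(section_names(plain), looks_upx_packed(plain))
```

The UPX stub decompresses the real image into the UPX0 region at run time but leaves the section headers of the mapped image untouched, which is why the memory dumps taken later in the run (1984-11 and 2476-15 above) still match the same rule as the file on disk. If the headers are intact, `upx -d` on the dropped file recovers the original binary; if they have been tampered with, dump the unpacked image from memory instead.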
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\edfbc0c5073f338dac135558b5421d20_NeikiAnalytics.exe
   "C:\Users\Admin\AppData\Local\Temp\edfbc0c5073f338dac135558b5421d20_NeikiAnalytics.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID:1984
   2. C:\Users\Admin\AppData\Local\Temp\conwurm.exe
      "C:\Users\Admin\AppData\Local\Temp\conwurm.exe"
      - Executes dropped EXE
      PID:2476
-
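The process tree and the signatures above describe one chain: the submitted sample (PID 1984) drops conwurm.exe into its own %TEMP% directory, starts it (PID 2476) and writes into the new process four times. The Python below is an added example of triage logic over such sandbox events; it is not the sandbox's own detection code. The event list is constructed to model the report, and the event field names, the `TEMP_DIR` constant and the scoring thresholds in `severity` are assumptions for the example. It weights the drop-then-execute chain and treats the memory-write count only as context: a parent writing into a child it has just created is also what an ordinary CreateProcess produces, so the "Suspicious use of WriteProcessMemory" signature fires on most samples that spawn anything and is weak evidence on its own.

```python
from collections import defaultdict

# Constructed event stream modelled on the report's signatures (not parsed
# sandbox output): parent 1984 drops conwurm.exe into %TEMP%, starts it as
# PID 2476 and writes into its memory four times.
TEMP_DIR = r"c:\users\admin\appdata\local\temp"   # assumed for the example
EVENTS = [
    {"type": "process_start", "pid": 1984, "ppid": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\edfbc0c5073f338dac135558b5421d20_NeikiAnalytics.exe"},
    {"type": "file_write", "pid": 1984,
     "path": r"C:\Users\Admin\AppData\Local\Temp\conwurm.exe"},
    {"type": "process_start", "pid": 2476, "ppid": 1984,
     "image": r"C:\Users\Admin\AppData\Local\Temp\conwurm.exe"},
] + [{"type": "write_process_memory", "pid": 1984, "target_pid": 2476}] * 4


def find_drop_and_execute(events, temp_dir=TEMP_DIR):
    """Return one finding per process whose image file was written by its own parent."""
    written = defaultdict(set)      # writer pid -> lowercase paths it created
    started = {}                    # pid -> (ppid, image path)
    mem_writes = defaultdict(int)   # (writer pid, target pid) -> number of writes
    for ev in events:
        if ev["type"] == "file_write":
            written[ev["pid"]].add(ev["path"].lower())
        elif ev["type"] == "process_start":
            started[ev["pid"]] = (ev["ppid"], ev["image"])
        elif ev["type"] == "write_process_memory":
            mem_writes[(ev["pid"], ev["target_pid"])] += 1

    findings = []
    for pid, (ppid, image) in started.items():
        if ppid is None or image.lower() not in written[ppid]:
            continue   # not started from a file its parent dropped
        findings.append({
            "parent": ppid,
            "child": pid,
            "image": image,
            "from_temp": image.lower().startswith(temp_dir.lower()),
            "memory_writes": mem_writes[(ppid, pid)],
        })
    return findings


def severity(finding):
    """Score a finding. Drop-then-execute is the signal; a few parent->child
    memory writes at spawn time are expected from CreateProcess itself, so the
    count only adds weight above an assumed threshold of 10 writes."""
    score = 50
    if finding["from_temp"]:
        score += 30
    if finding["memory_writes"] > 10:
        score += 20
    return score


if __name__ == "__main__":
    for f in find_drop_and_execute(EVENTS):
        print(f, "severity", severity(f))
```

Running it on the constructed events yields a single finding, parent 1984 to child 2476, executed from %TEMP%, with four memory writes, scored as a drop-and-execute rather than as code injection.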
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
99KB (same size as the submitted sample; the hashes below differ from it)
MD5 6051e1f067420b0f52909ccfeff3ba76
SHA1 fcf809976a0bbd116841b50b5915d16d53812c90
SHA256 e197735cb2a55a5c034d4696ae31e477d61094e751f5fefec75ee5d8fedfd5d7
SHA512 4bbb36fff40f5e30a6d843d457ce79940c00904736d2082571b18897e4904020130d935149aae4dba1895b5a05658b53f236f1b46d49679784b00402fee91d6d