Overview

overview

7

Static

static

3

6eab6777c4...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-05-2024 14:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6eab6777c46a90b572f8115fccd10a60_NeikiAnalytics.exe

  • Size

    796KB

  • MD5

    6eab6777c46a90b572f8115fccd10a60

  • SHA1

    10e4cd765c4bf323f48b7691435756b8ebe5f294

  • SHA256

    0be5635db3c4cac2c91c653786de04f7575f1c6124661888b660e86f3fb0f3dd

  • SHA512

    07d6ae89b012817a576793c8db6c0f2e452ffb65120ae26fade07bef7dc6b19dfabd09bde08106233f22959801bcac1d5b44fc334151280de16686257b9d736b

  • SSDEEP

    12288:socexT193/Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kw:so5X93/sqjnhMgeiCl7G0nehbGZpbD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6eab6777c46a90b572f8115fccd10a60_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\6eab6777c46a90b572f8115fccd10a60_NeikiAnalytics.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2920
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:3972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\alg.exe
    Filesize

    661KB

    MD5

    7505318872c9cfb261f6158436a06590

    SHA1

    2f628b4eeaf9d074a8d620ad5197169494622f29

    SHA256

    b47359f0ea3f5cd074352540af9d8ea668f8cf9be83422ecec1178231261859b

    SHA512

    9c948c2f5f6ed4ecbcf9ebad5762f7e6e3fc1e5a7fcfe24da7d868a4f08906562a9283416c4b0eb27418be0e498d0b680476cba38c8793635362f35cbed79420

    Download Submit

  • memory/2920-0-0x0000000140000000-0x00000001400CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2920-7-0x0000000001F60000-0x0000000001FC0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2920-1-0x0000000001F60000-0x0000000001FC0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2920-9-0x00007FF879430000-0x00007FF879625000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2920-12-0x0000000001F60000-0x0000000001FC0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2920-17-0x00007FF879430000-0x00007FF879625000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2920-16-0x0000000140000000-0x00000001400CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/3972-15-0x0000000140000000-0x00000001400AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/3972-18-0x0000000140000000-0x00000001400AA000-memory.dmp

    Filesize

    680KB

    Download