Overview

overview

7

Static

static

3

be1564dcd6...cs.exe

windows7-x64

7

be1564dcd6...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/05/2024, 14:28 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    be1564dcd6fe6f29c1318281b738a170_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    be1564dcd6fe6f29c1318281b738a170

  • SHA1

    8277f0e78b76dbbb1e6585e156d0200810278806

  • SHA256

    1c0b220570048bc2a025fcb4e89e4879a1cd374b5329fa1593d8cf1518d9f73f

  • SHA512

    cbcdbd632ebf2f828b6690a0115939b4748ee91dcef6607c5c1631b417c3c406795515b9c004009522f96675f65edbb3fd0692c87007941a86973ce01e3eb90f

  • SSDEEP

    1536:hbyfGPRcsfK5QPqfhVWbdsmA+RjPFLC+e5hI0ZGUGf2g:h+fG9NPqfcxA+HFshIOg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\be1564dcd6fe6f29c1318281b738a170_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\be1564dcd6fe6f29c1318281b738a170_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c $TMP!10@.COM
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1992
      • C:\Users\Admin\AppData\Local\Temp\$TMP!10@.COM
        $TMP!10@.COM
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1672
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c 00.exe
          4⤵
            PID:2852

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Users\Admin\AppData\Local\Temp\$TMP!10@.COM
      Filesize

      73KB

      MD5

      613f7e3d7ddb1f46bacece5f77388095

      SHA1

      47e828581fef3f58222bb0f2ef5a50ce920ee659

      SHA256

      395849bd5a1f19741d66529aba7f1af9f5d7f97ac5c5ea9bd44070113d5d7cf0

      SHA512

      a1b76a4e1979ddb770bce456fdbf2dfb54a24bc842e7c78624962f79246654e8bf15a7f0177bcc1d7d0e9343925d936c8b8f2a59e4899cd075c03b147331c604

      Download Submit

    • memory/1672-10-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    • memory/2332-11-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.