ea85b5ea61583959feec1849b384f49e136d3b2b9ebc8c03dfc8dbe82f05823f

General

Target

fd6d10a611ce8fa671dd2817c356a2b0_NeikiAnalytics.exe
Size

65KB
MD5

fd6d10a611ce8fa671dd2817c356a2b0
SHA1

e1b82da9e86482455d84890b24ba044d9fa0b4bc
SHA256

ea85b5ea61583959feec1849b384f49e136d3b2b9ebc8c03dfc8dbe82f05823f
SHA512

d5c1e03ffba6251769c376ee5bf446f3290338fa920ed7af199b8fba7ecfdad2cc12ff30a7b1e6a1f3a4df512e0e1617cc62981db385358fc595b0e3f1afa884
SSDEEP

768:aeQIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uAS:a9IvEPZo6Ead29NQgA2wQle56

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1244	ewiuer2.exe
2504	ewiuer2.exe
2168	ewiuer2.exe
1660	ewiuer2.exe

Loads dropped DLL 8 IoCs

pid	Process
1248	fd6d10a611ce8fa671dd2817c356a2b0_NeikiAnalytics.exe
1248	fd6d10a611ce8fa671dd2817c356a2b0_NeikiAnalytics.exe
1244	ewiuer2.exe
1244	ewiuer2.exe
2504	ewiuer2.exe
2504	ewiuer2.exe
2168	ewiuer2.exe
2168	ewiuer2.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 1244	1248	fd6d10a611ce8fa671dd2817c356a2b0_NeikiAnalytics.exe	28
PID 1248 wrote to memory of 1244	1248	fd6d10a611ce8fa671dd2817c356a2b0_NeikiAnalytics.exe	28
PID 1248 wrote to memory of 1244	1248	fd6d10a611ce8fa671dd2817c356a2b0_NeikiAnalytics.exe	28
PID 1248 wrote to memory of 1244	1248	fd6d10a611ce8fa671dd2817c356a2b0_NeikiAnalytics.exe	28
PID 1244 wrote to memory of 2504	1244	ewiuer2.exe	30
PID 1244 wrote to memory of 2504	1244	ewiuer2.exe	30
PID 1244 wrote to memory of 2504	1244	ewiuer2.exe	30
PID 1244 wrote to memory of 2504	1244	ewiuer2.exe	30
PID 2504 wrote to memory of 2168	2504	ewiuer2.exe	31
PID 2504 wrote to memory of 2168	2504	ewiuer2.exe	31
PID 2504 wrote to memory of 2168	2504	ewiuer2.exe	31
PID 2504 wrote to memory of 2168	2504	ewiuer2.exe	31
PID 2168 wrote to memory of 1660	2168	ewiuer2.exe	35
PID 2168 wrote to memory of 1660	2168	ewiuer2.exe	35
PID 2168 wrote to memory of 1660	2168	ewiuer2.exe	35
PID 2168 wrote to memory of 1660	2168	ewiuer2.exe	35

C:\Users\Admin\AppData\Local\Temp\fd6d10a611ce8fa671dd2817c356a2b0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\fd6d10a611ce8fa671dd2817c356a2b0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1244
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2168
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PS0616TJ.txt

Filesize
229B

MD5
75d82f2816b0c3c75b1555b34a800cc6

SHA1
155b7705b9af5b250dfce00f52b8cd788312924d

SHA256
d6a21d3a98e207028a2066fe7ecb75548c111e60ffb5fb5c5826c5e4e9ffc3e5

SHA512
411430b80a0594ceb8bd2bfa9da7c856ac678f3e8611f6ddb1167bdf19c5dba60c92025bcff26a55884848e7fd7387b27be052baf6b5c2bf38d4290421971e24

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QC154IJ7.txt

Filesize
230B

MD5
b2b1f135bfd80729a2cdcdb9843fc1a9

SHA1
a232e02d857906fe216f5e6f1d343aedf1cebd8f

SHA256
06b8a25248e874594d16a73efce5614bd0d4a89481486c96f982c0574ed4dc5f

SHA512
98eb20ad2d9c1b7dcfdfaa04beb85024aa4eadfcace0f5dd16870244105cee944799ebe8cceb9d4efaa8df9577c0280351baeb89bc344f0714197749d5bda102

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
22c76a23fec5754cd83a22c04434a34a

SHA1
782ae91138f112093ab66f8ee08915dfe9d9f19d

SHA256
225df1b0181ef0f186346e117bc85efe706eba78a0dd6002276b0de91c5b27ed

SHA512
7a811c5384c32736e199ee6c3a8983faf6c8ef644220f7ad32b8fafa3bf1aea94f894efbe30ad2661a0b6a1aedbe9edbd86ab7d6ced66fb70acb86f96a2f90b9

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
5b54d644c311a92269bd1460546151e8

SHA1
2b76e53962a12c41fd5a5c8c15bb3dc094bc6d27

SHA256
734c70871e680378e79b45c57d2e00bfbd09c6b13d37e72c81280316eec48389

SHA512
f59f17749b0519bcb847a9b659fd90417f7302d91375a70511f0c865df12cc98ac83d4580fca1db7fcad21fbb522510d9047d23391fe6414db0fa87197d11292

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
87601e361503d8e76e8de91dbb6d6335

SHA1
37ba81c7916c7596d870aa2233f56671fbc03433

SHA256
b05d4a552a4de922a8622af153eb902c04026971dbff224305407255df404f29

SHA512
aade20655429b4b23f71cf9beb07d544a543736ef10dd81e157be2e31cc480f224a09c43a9f1072e50c0a4d62f0a4a5e7772454c4cb3246d4d9b4eebf3cb38a7

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
5686b828e5fb5eb9b3fa0145e995a98e

SHA1
66ca8358b838ea989dbd15c574d8054048e3fa0c

SHA256
ed34af384bda2a80ce77f2e08d0961ed5965270787f6560a3e13475930198bfc

SHA512
3045d2afaa06313414542777eb2de872f171b3e7d0f8dd4b44dcf3a604b56f1bd38d11d1a6414d8b49e0d41673b2ed446941df576f1cce7a24a229fb8b98cf5f

Download Submit
memory/1244-23-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1244-10-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1244-16-0x00000000027D0000-0x00000000027FA000-memory.dmp

Filesize
168KB

Download
memory/1244-11-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1248-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1660-51-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1660-50-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2168-49-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2168-37-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2168-36-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2504-33-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2504-28-0x0000000000220000-0x000000000024A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads