56260d1cb974d784e781d2168cac18001ff3fca9b0d1a7bea254b24f271b7f5b

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

803d35ad5504509d9453b033d063f540_NeikiAnalytics.exe
Size

65KB
MD5

803d35ad5504509d9453b033d063f540
SHA1

fd04eab79abd2567a6a468eeb4da5633fe31db99
SHA256

56260d1cb974d784e781d2168cac18001ff3fca9b0d1a7bea254b24f271b7f5b
SHA512

eb320306f097c1048b7a36cf9d32cd47cc9be5467724d885952dce7894e03c669f21379e5c6b856480115f545da80056532e2982e47284c55f7bc6e845481d36
SSDEEP

768:9eQIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uAS:99IvEPZo6Ead29NQgA2wQle56

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2004	ewiuer2.exe
588	ewiuer2.exe
3036	ewiuer2.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 2004	5044	803d35ad5504509d9453b033d063f540_NeikiAnalytics.exe	84
PID 5044 wrote to memory of 2004	5044	803d35ad5504509d9453b033d063f540_NeikiAnalytics.exe	84
PID 5044 wrote to memory of 2004	5044	803d35ad5504509d9453b033d063f540_NeikiAnalytics.exe	84
PID 2004 wrote to memory of 588	2004	ewiuer2.exe	100
PID 2004 wrote to memory of 588	2004	ewiuer2.exe	100
PID 2004 wrote to memory of 588	2004	ewiuer2.exe	100
PID 588 wrote to memory of 3036	588	ewiuer2.exe	107
PID 588 wrote to memory of 3036	588	ewiuer2.exe	107
PID 588 wrote to memory of 3036	588	ewiuer2.exe	107

C:\Users\Admin\AppData\Local\Temp\803d35ad5504509d9453b033d063f540_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\803d35ad5504509d9453b033d063f540_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:588
  - - C:\Windows\SysWOW64\ewiuer2.exe
      C:\Windows\SysWOW64\ewiuer2.exe /nomove
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
65KB

MD5
51923f8f4a52026f62a8a92ff1f2ea0c

SHA1
d802261a787f714be47930e270ab814540e356df

SHA256
9eb9d538c29d0539540ab29a426b945a81266741b9f2c4c232cbca2143d1acab

SHA512
9fe4bee91744911c7ea6c296584b8a59e7f82310db118f3f553f68dfbc82f3e094fcd61b41843a7a4052a5cb4a32532376cbb1274fbb07b04708c647e9a3053c

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
65KB

MD5
86805c19996b136dd96d9a9d955e645a

SHA1
9b47e0f6b76af331f8f81772ecea2b7c65e776dc

SHA256
e1b3002a08836e4710d2a7a186cb551755f751246edb557abf05a9d4441cce95

SHA512
b75654b6816b7d5d5726dab3b940dd5aedba6d2f23fac222b01815c6d38cee410f38b2a601fa74df7616fd4d79cf5f996abc685816baf2647106a40bf29653c8

Download Submit
memory/588-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/588-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/588-16-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2004-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2004-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2004-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3036-17-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3036-18-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/5044-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/5044-5-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads