244fabab5761d4df2043ccbd35271b2c82aa7a4074aa483ba5f110ccce148034

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46693290b8e2ff4817dd8fb83e83a0c0_NeikiAnalytics.exe
Size

84KB
MD5

46693290b8e2ff4817dd8fb83e83a0c0
SHA1

d3c8f3b6b8ef029f4297020b5a9b4e0c28bf5bee
SHA256

244fabab5761d4df2043ccbd35271b2c82aa7a4074aa483ba5f110ccce148034
SHA512

a54840de107e0bb451c5f685a3c0af0cadb8acfbb83f23aa25aa1e5927fd7c43d074cde5ac4fd50d87a4db3871918158baf49402f9d517c3d33528f7e63d7e2a
SSDEEP

768:QYHfYErkXzFlB8hRWXZUdqXnzdPLqXbC5t+1l7dExNvI:9rkXjmXABTqXWt+1RdE8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1928	hummy.exe

Loads dropped DLL 2 IoCs

pid	Process
2140	46693290b8e2ff4817dd8fb83e83a0c0_NeikiAnalytics.exe
2140	46693290b8e2ff4817dd8fb83e83a0c0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 1928	2140	46693290b8e2ff4817dd8fb83e83a0c0_NeikiAnalytics.exe	29
PID 2140 wrote to memory of 1928	2140	46693290b8e2ff4817dd8fb83e83a0c0_NeikiAnalytics.exe	29
PID 2140 wrote to memory of 1928	2140	46693290b8e2ff4817dd8fb83e83a0c0_NeikiAnalytics.exe	29
PID 2140 wrote to memory of 1928	2140	46693290b8e2ff4817dd8fb83e83a0c0_NeikiAnalytics.exe	29

C:\Users\Admin\AppData\Local\Temp\46693290b8e2ff4817dd8fb83e83a0c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\46693290b8e2ff4817dd8fb83e83a0c0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Users\Admin\AppData\Local\Temp\hummy.exe
  "C:\Users\Admin\AppData\Local\Temp\hummy.exe"
  2⤵
  - Executes dropped EXE
  PID:1928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\hummy.exe

Filesize
84KB

MD5
484ea8cd1e521621bcc1d2b63d0dc795

SHA1
c457052ec0ae10b1440012a6bfc979711225d73f

SHA256
d264b211da7a939212eb3baad30490ffc39a175e4349628d792825873ef29e56

SHA512
bfd170764f8dcf017bd52633842314201d6f3a2d9e93f826b2790cd03d50358034bf2a31c9318d69f48dfe43a344e51eb3dc917917b7fc8b52e1010e20887adf

Download Submit
memory/2140-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download