Analysis
- max time kernel: 133s
- max time network: 103s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
- submitted: 26-05-2024 08:56
Static task
static1
Behavioral task
behavioral1
Sample
011f3ccd963e1e61292bcbecdff29ab0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
011f3ccd963e1e61292bcbecdff29ab0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
- Target: 011f3ccd963e1e61292bcbecdff29ab0_NeikiAnalytics.exe
- Size: 79KB
- MD5: 011f3ccd963e1e61292bcbecdff29ab0
- SHA1: 8a642edd1f84cf4df8da4a0857c93bb6d570a34c
- SHA256: 7e3e159a767af0626537c12ea57fe76b028042a65fdcdf87510f48d7c30302fa
- SHA512: 9948f3317fb94cfe763c02561b74be3358c30ca0dc3f6836677b191173bb3cf9a43136bde8293bc73dc3c685765fdb989796731c56dddd0903486594954ef3b4
- SSDEEP: 1536:zvvSjrPgawlHWzMLP0OOQA8AkqUhMb2nuy5wgIP0CSJ+5yhB8GMGlZ5G:zvvSj8aKHWgLP0bGdqU7uy5w9WMyhN5G
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid | Process
  2592 | [email protected]
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 3448 wrote to memory of 5644 | 3448 | 011f3ccd963e1e61292bcbecdff29ab0_NeikiAnalytics.exe | 84
  PID 3448 wrote to memory of 5644 | 3448 | 011f3ccd963e1e61292bcbecdff29ab0_NeikiAnalytics.exe | 84
  PID 3448 wrote to memory of 5644 | 3448 | 011f3ccd963e1e61292bcbecdff29ab0_NeikiAnalytics.exe | 84
  PID 5644 wrote to memory of 2592 | 5644 | cmd.exe | 85
  PID 5644 wrote to memory of 2592 | 5644 | cmd.exe | 85
  PID 5644 wrote to memory of 2592 | 5644 | cmd.exe | 85
Processes
- C:\Users\Admin\AppData\Local\Temp\011f3ccd963e1e61292bcbecdff29ab0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\011f3ccd963e1e61292bcbecdff29ab0_NeikiAnalytics.exe"
  - Suspicious use of WriteProcessMemory
  PID:3448
  - C:\Windows\SysWOW64\cmd.exe
    PID:5644
    - C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID:2592
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 163939a9d131f1e1d4a55f0c1f19d89a
  SHA1: 0b5a24a522d494f15e7bab20d8467a93b3512c1d
  SHA256: 34cba237d318e82d0bd6def111fe238c27a18c7d3351af7f502300e355ca6501
  SHA512: b838f3bfe359fa8451f63e09fd6b57f5c05b56f0712ba855937995a772b4500d0d73067249b5716c1dc90e58426bc876572dad5135f1f42dd2a4e10caeb4ad0d