94120ac7aee1d45761b825c6319d83b4fe9b4f776e9bd22fe82c2d152e472386

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe
Size

988KB
MD5

dd06c6977f9ccc8efa866fb791973b40
SHA1

1f808d0b4c04541c99ef9db8c243cc7b3cfe261b
SHA256

94120ac7aee1d45761b825c6319d83b4fe9b4f776e9bd22fe82c2d152e472386
SHA512

fb437da16348e46063da1473e95cc7e79f86ce9fd88e1ba5b535a28972314960aa0bf209d37de6364e3dd5b6606cc3e9587caeceeca5736b00f08175e962fd29
SSDEEP

24576:3M+4SixPXABEEL39HMnDopnWZ5ja/ZS6o77LQdmbgrr:3MqixGTF2Dknu5jgrobqa0r

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2472	dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
2472	dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe

Loads dropped DLL 1 IoCs

pid	Process
1952	dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	pastebin.com
4	pastebin.com

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2472	dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1952	dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2472	dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 2472	1952	dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe	29
PID 1952 wrote to memory of 2472	1952	dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe	29
PID 1952 wrote to memory of 2472	1952	dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe	29
PID 1952 wrote to memory of 2472	1952	dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe	29

C:\Users\Admin\AppData\Local\Temp\dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Users\Admin\AppData\Local\Temp\dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\dd06c6977f9ccc8efa866fb791973b40_NeikiAnalytics.exe

Filesize
988KB

MD5
e585681628a52f797d90a6914699f4f0

SHA1
f2ced66c0a46a74f1cee7c4d27f7370d42c20523

SHA256
5e57b181d78bf7d8d73bb793575d507e3330265abd3724234c0acefc4305ff9b

SHA512
7f92d34ab64296d3f1e5f253ab6b28c02c6dc7ce50f94f832ff82a3fcc9582ececc6f874d6ab6919e7b6f366feb112985685429aeb3177b1b515ba7128a36fe3

Download Submit
memory/1952-0-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/1952-7-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2472-9-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2472-10-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2472-16-0x0000000002EA0000-0x0000000002F8F000-memory.dmp

Filesize
956KB

Download
memory/2472-32-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2472-38-0x0000000009850000-0x00000000098F3000-memory.dmp

Filesize
652KB

Download