Analysis

  • max time kernel
    20s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-05-2024 15:58

General

  • Target

    10e2dcfcefa8cbd09ec9350ae20d35a0_NeikiAnalytics.exe

  • Size

    538KB

  • MD5

    10e2dcfcefa8cbd09ec9350ae20d35a0

  • SHA1

    2c86134b84c46559dbaa490be0b305b888029bf7

  • SHA256

    6c9a042cdc856fee24d77d9d9482f37b8a8357362f20b5acb20018de8bc16812

  • SHA512

    862adfa3f456aa72d4621f489ec388e0c09fef4515a0c68a8546f1c69f10e85f41112815e012857ef86cb9ba30102c180efe20e79f5351d7303acc2a6f631eed

  • SSDEEP

    12288:wlbU+41gL5pRTcAkS/3hzN8qE43fm78Vy:WbU+N5jcAkSYqyEy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10e2dcfcefa8cbd09ec9350ae20d35a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\10e2dcfcefa8cbd09ec9350ae20d35a0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\WINDOWS\MSWDM.EXE
      "C:\WINDOWS\MSWDM.EXE"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2876
    • C:\WINDOWS\MSWDM.EXE
      -r!C:\Windows\dev898.tmp!C:\Users\Admin\AppData\Local\Temp\10e2dcfcefa8cbd09ec9350ae20d35a0_NeikiAnalytics.exe! !
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Users\Admin\AppData\Local\Temp\10E2DCFCEFA8CBD09EC9350AE20D35A0_NEIKIANALYTICS.EXE
        3⤵
        • Executes dropped EXE
        PID:2516
      • C:\WINDOWS\MSWDM.EXE
        -e!C:\Windows\dev898.tmp!C:\Users\Admin\AppData\Local\Temp\10E2DCFCEFA8CBD09EC9350AE20D35A0_NEIKIANALYTICS.EXE!
        3⤵
        • Executes dropped EXE
        PID:2424

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\MSWDM.EXE

    Filesize

    80KB

    MD5

    fcc0028ce46b10d2e5baf522651bbc00

    SHA1

    65bf0b7669b24a385358d936ac46ba7d903e64c6

    SHA256

    e6c049e1f492aed202dddc09eb5e7a0b0b1693070fe36698cdc2641180d4f354

    SHA512

    c06a675c9cfa366645b5dae8625182a015ea639077cdcd394c7ecbf8704f92154d72abc2cd0a242cd57093ee75664e4588fc3c6a214ba06b5a511973a58b63f3

  • C:\Windows\dev898.tmp

    Filesize

    458KB

    MD5

    619f7135621b50fd1900ff24aade1524

    SHA1

    6c7ea8bbd435163ae3945cbef30ef6b9872a4591

    SHA256

    344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

    SHA512

    2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

  • memory/2424-29-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2424-27-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2532-16-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2532-26-0x0000000000270000-0x000000000028B000-memory.dmp

    Filesize

    108KB

  • memory/2532-32-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2876-17-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2876-33-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2880-0-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB

  • memory/2880-7-0x00000000002A0000-0x00000000002BB000-memory.dmp

    Filesize

    108KB

  • memory/2880-14-0x0000000000400000-0x000000000041B000-memory.dmp

    Filesize

    108KB