391c4a9efc5fe391b5be45eef1784a73d716d12bd88ca2d63ffc754750e97efa

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe
Size

1.2MB
MD5

035556905825d9de954b2c4c3039fb50
SHA1

94c968fbe37f830a1947dd9b393bb917aed85d4d
SHA256

391c4a9efc5fe391b5be45eef1784a73d716d12bd88ca2d63ffc754750e97efa
SHA512

e7425c82646ccaa6beca650d3aef2a9665a180c5cf3533f289e0545c7a66e566a0fad73d421a752318a9c80832a52fc26547becec1065a039c4395e9d3be9199
SSDEEP

24576:9ZSA8nZHZ9ozY6nHH5H6MUT6baz3CMmxPisRMYguiw7a/ZSya/JXk377Lv+f6T8P:GA8nWzY6nHHd6Z6ba7P+Khw7gxg23bnI

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2196	035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe

Executes dropped EXE 1 IoCs

pid	Process
2196	035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe

Loads dropped DLL 1 IoCs

pid	Process
2228	035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	pastebin.com
3	pastebin.com

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2196	035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2228	035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2196	035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2196	2228	035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe	29
PID 2228 wrote to memory of 2196	2228	035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe	29
PID 2228 wrote to memory of 2196	2228	035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe	29
PID 2228 wrote to memory of 2196	2228	035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe	29

C:\Users\Admin\AppData\Local\Temp\035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe
  C:\Users\Admin\AppData\Local\Temp\035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of UnmapMainImage
  PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\035556905825d9de954b2c4c3039fb50_NeikiAnalytics.exe

Filesize
1.2MB

MD5
614015efbff8c5ee236c50436f3b9feb

SHA1
94214fe3c943954ffde769441c48e80eedee2772

SHA256
aa248f923511cf841781d62bc59c500d5ac79aefca59091e4cd3a0a2b0ddd414

SHA512
95cf11c6f5c03e64b0c883cb9a44ff6ca011936cafbfb45441d8e9a890daea75d2c3afc82dae50b28ce7e6e52f2177c0495626bb59efa5af2ab0cd59646b67dd

Download Submit
memory/2196-10-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2196-17-0x0000000002EE0000-0x0000000002FF4000-memory.dmp

Filesize
1.1MB

Download
memory/2196-11-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2196-33-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2196-39-0x000000000EEE0000-0x000000000EF83000-memory.dmp

Filesize
652KB

Download
memory/2196-40-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2228-0-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2228-6-0x0000000002E70000-0x0000000002F84000-memory.dmp

Filesize
1.1MB

Download
memory/2228-9-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download