Overview

overview

7

Static

static

3

27f5e41c31...cs.exe

windows7-x64

7

27f5e41c31...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-05-2024 23:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    27f5e41c31c39fef1c1b860c84d4f4a0_NeikiAnalytics.exe

  • Size

    52KB

  • MD5

    27f5e41c31c39fef1c1b860c84d4f4a0

  • SHA1

    73f72944c4a37683a204b88d552d8554505641d0

  • SHA256

    f9f9479bb920a31f25483f38744224fd811146bdc3d444b78445ac8b7f5b4084

  • SHA512

    a060205fbae6735267568cdbe5a0c7cb1c92ef58481a4f1eba7ac763a636484445ed55095d035491841b7c2c1da474f7e81a13c1c73cf32274381aa0807d42c1

  • SSDEEP

    1536:0MB82vyvDnKPg9xSGt43daa3pD2GbAwOHM:tlYDK4t43daaR2G3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27f5e41c31c39fef1c1b860c84d4f4a0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\27f5e41c31c39fef1c1b860c84d4f4a0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Users\Admin\AppData\Local\Temp\salyban.exe
      C:\Users\Admin\AppData\Local\Temp\salyban.exe
      2⤵
      • Executes dropped EXE
      PID:4360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\salyban.exe
    Filesize

    52KB

    MD5

    2bc9c3124f2571371ca50ad22b235306

    SHA1

    63e4143677698730172df6962ce76294ba54ef07

    SHA256

    c2628bf8641260cfb4c325cd3dbd5ac6bfb463289cb065e13034633935a81c56

    SHA512

    53475847a31cb0a5c93cdc787c68b4b1e1431d744a8e749ce56d5ef1b50452eae1252e17af91e96d735d52e363a0ab93f2b1bac7ad9a49e7597d0df9186ca5e1

    Download Submit

  • memory/2136-0-0x0000000000401000-0x0000000000404000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4360-5-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download