Analysis
- max time kernel: 141s
- max time network: 113s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
- submitted: 27/05/2024, 11:39
Static task
static1
Behavioral task
behavioral1
Sample
9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
- Target: 9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe
- Size: 79KB
- MD5: 9aa7afc3c217d1a0406696f00875b130
- SHA1: 7d5ca353ca388d98653b91d2ecb7ff14d8ff7140
- SHA256: c0ecd6289767efbcbd65775dd2887ca05e23b69fdac78a15fe4107bf6f46e42c
- SHA512: 8c94ef7205818d8651007ece2f8ba3131aa96c9c34871c8fb92a527eb3da8261e8b404b7284ef9b291a5b878bd426401a416c6bff13cfd545414912d885b9aef
- SSDEEP: 1536:zvrpkO0PMjaPc2RBhnwKVOQA8AkqUhMb2nuy5wgIP0CSJ+5ynB8GMGlZ5G:zvrJO+aPcuHwVGdqU7uy5w9WMynN5G
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid | Process
  2680 | [email protected]
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 1376 wrote to memory of 412 | 1376 | 9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe | 84
  PID 1376 wrote to memory of 412 | 1376 | 9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe | 84
  PID 1376 wrote to memory of 412 | 1376 | 9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe | 84
  PID 412 wrote to memory of 2680 | 412 | cmd.exe | 85
  PID 412 wrote to memory of 2680 | 412 | cmd.exe | 85
  PID 412 wrote to memory of 2680 | 412 | cmd.exe | 85
Processes
- C:\Users\Admin\AppData\Local\Temp\9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\9aa7afc3c217d1a0406696f00875b130_NeikiAnalytics.exe"
  - Suspicious use of WriteProcessMemory
  PID:1376
- C:\Windows\SysWOW64\cmd.exe
  PID:412
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  PID:2680
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 0babb08cce9ffb5404829328d793e652
  SHA1: 81e8207b0c49d33a9ade7d53c23729692bfb0f14
  SHA256: f7b8175ad2ce44e3fa901be451728fc8ab7ebbf9a1265408e61c1de61aeba19a
  SHA512: 2da409a0672d80d38ce2066d520e433fa33bfbd5208b483a872cea84fbaad0f7c79b0576ac38c46c338d112035eed0391a3d10a1515176a90aeb036076d2f8c6