Analysis
  max time kernel: 117s
  max time network: 118s
  platform: windows7_x64
  resource: win7-20240215-en
  resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  submitted: 27/05/2024, 11:40
Static task: static1
Behavioral task: behavioral1
  Sample: aef7d2603bc222524f233f2fa31f2020_NeikiAnalytics.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: aef7d2603bc222524f233f2fa31f2020_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
  Target: aef7d2603bc222524f233f2fa31f2020_NeikiAnalytics.exe
  Size: 79KB
  MD5: aef7d2603bc222524f233f2fa31f2020
  SHA1: bc9c8864961d1b82571fb7e3eb6f3549c489a916
  SHA256: f7b1879808c84e31b6cc34d345ed918f2560c859cc5726ee1562a9c4825de247
  SHA512: 47dc04aea697baeddba6121b337abc8ac25e77518220622ef1ae8269e7d446ab0b38fc3ec05b44f4b0547fa809340aca75d96e00302ab4d873524885b0768aaa
  SSDEEP: 1536:zv0IAhkxR/QlJUOQA8AkqUhMb2nuy5wgIP0CSJ+5yhB8GMGlZ5G:zvKWxR/IHGdqU7uy5w9WMyhN5G
Malware Config
Signatures
  Executes dropped EXE (1 IoC)
    pid   Process
    852   [email protected]
  Loads dropped DLL (2 IoCs)
    pid   Process
    1868  cmd.exe
    1868  cmd.exe
  Suspicious use of WriteProcessMemory (8 IoCs)
    description                       pid   Process                                               procid_target
    PID 2312 wrote to memory of 1868  2312  aef7d2603bc222524f233f2fa31f2020_NeikiAnalytics.exe   29
    PID 2312 wrote to memory of 1868  2312  aef7d2603bc222524f233f2fa31f2020_NeikiAnalytics.exe   29
    PID 2312 wrote to memory of 1868  2312  aef7d2603bc222524f233f2fa31f2020_NeikiAnalytics.exe   29
    PID 2312 wrote to memory of 1868  2312  aef7d2603bc222524f233f2fa31f2020_NeikiAnalytics.exe   29
    PID 1868 wrote to memory of 852   1868  cmd.exe                                               30
    PID 1868 wrote to memory of 852   1868  cmd.exe                                               30
    PID 1868 wrote to memory of 852   1868  cmd.exe                                               30
    PID 1868 wrote to memory of 852   1868  cmd.exe                                               30
Processes
  C:\Users\Admin\AppData\Local\Temp\aef7d2603bc222524f233f2fa31f2020_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\aef7d2603bc222524f233f2fa31f2020_NeikiAnalytics.exe"
    PID: 2312
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c [email protected]
      PID: 1868
      - Loads dropped DLL
      - Suspicious use of WriteProcessMemory
      C:\Users\Admin\AppData\Local\Temp\[email protected]
        PID: 852
Network
MITRE ATT&CK Matrix
Downloads
  \Users\Admin\AppData\Local\Temp\[email protected]
    Filesize: 79KB
    MD5: c075f887393e3247f55749231b24acdf
    SHA1: 1f6f03a177db4fff351e4e8f6f49d58fd91aeeba
    SHA256: a49f3628298f9e74c4fb3f6fb73332082b5a3d87df3af8637339051a18fade2c
    SHA512: c20ef21a74cf581d78ec90642a59606f3eb337285b3829b3464caf03a36dbec40a42d248032031920c77422a5a0941249c417bac7410e0375a2a77d30fd864dd