41018e34df5f64f3fcd2937e8b60fc5d8dc617386c273fc1b2bef75740d0d099

General

Target

1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe
Size

61KB
MD5

1758fe8fb2f0936eee223eac07d05590
SHA1

bc10f1ad131299242544acfcaf3ebcc245456bd1
SHA256

41018e34df5f64f3fcd2937e8b60fc5d8dc617386c273fc1b2bef75740d0d099
SHA512

955a40af68e8394a7328d88d7ccf92c8e9558b81ee0f4143d809ec904817c259c75242c0f77cf51ad70c08ee5d0ab451052bdd30c9ad8a5cfa9adb3341ca490f
SSDEEP

768:9eJIvFKPZo2smEasjcj29NWngAHxcwKppEaxglaX5uA:9QIvEPZo6Ead29NQgA2wzle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
2060	ewiuer2.exe
2424	ewiuer2.exe
2680	ewiuer2.exe
2036	ewiuer2.exe
2488	ewiuer2.exe

Loads dropped DLL 10 IoCs

pid	Process
1924	1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe
1924	1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe
2060	ewiuer2.exe
2060	ewiuer2.exe
2424	ewiuer2.exe
2424	ewiuer2.exe
2680	ewiuer2.exe
2680	ewiuer2.exe
2036	ewiuer2.exe
2036	ewiuer2.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2060	1924	1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe	28
PID 1924 wrote to memory of 2060	1924	1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe	28
PID 1924 wrote to memory of 2060	1924	1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe	28
PID 1924 wrote to memory of 2060	1924	1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe	28
PID 2060 wrote to memory of 2424	2060	ewiuer2.exe	30
PID 2060 wrote to memory of 2424	2060	ewiuer2.exe	30
PID 2060 wrote to memory of 2424	2060	ewiuer2.exe	30
PID 2060 wrote to memory of 2424	2060	ewiuer2.exe	30
PID 2424 wrote to memory of 2680	2424	ewiuer2.exe	31
PID 2424 wrote to memory of 2680	2424	ewiuer2.exe	31
PID 2424 wrote to memory of 2680	2424	ewiuer2.exe	31
PID 2424 wrote to memory of 2680	2424	ewiuer2.exe	31
PID 2680 wrote to memory of 2036	2680	ewiuer2.exe	35
PID 2680 wrote to memory of 2036	2680	ewiuer2.exe	35
PID 2680 wrote to memory of 2036	2680	ewiuer2.exe	35
PID 2680 wrote to memory of 2036	2680	ewiuer2.exe	35
PID 2036 wrote to memory of 2488	2036	ewiuer2.exe	36
PID 2036 wrote to memory of 2488	2036	ewiuer2.exe	36
PID 2036 wrote to memory of 2488	2036	ewiuer2.exe	36
PID 2036 wrote to memory of 2488	2036	ewiuer2.exe	36

C:\Users\Admin\AppData\Local\Temp\1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2060
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2680
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2036
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        
        PID:2488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\H9XQXR31.txt

Filesize
229B

MD5
0b5428c375ce4b4e4e5e8178bb0f604b

SHA1
e069e6bfe27078f77029b0193f123fb0c237821b

SHA256
784bb53d89de3ea39d16f301dbf58722965ead608e30d5fcc84012777369c0ee

SHA512
92509ba5ed43505408ad64c919d9d3da513f02d715e6712990217b1f09986dc62321b9723611405562b8167e449c15e99b39bdb3457cec23700651d51593d2e1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\W46X3ZXF.txt

Filesize
230B

MD5
7d5d636c759892fe963f2a62aca4584b

SHA1
423884ce4d944b7259ff39a544e6019b276cefdb

SHA256
5b38c62e9619eca07cedf064b9aa72753a4c83530c6fd14b94f0d4d3384487a6

SHA512
71477b1bce7c10402716c0f200f715e76948359b330dde3fe04af720da3020e60bc59b5cff8da5710cb32f386612a90991cd67dbdf7d77bedb7c86a3411e75d8

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
5eb26f97b70c6bbd30e9bf2e00656161

SHA1
784df3822f27ee1defc08a90c20cf12f17815efa

SHA256
b9f09210c96cab6ece03f4d7ea0ea635ce569baa4bdf797c821d84176ef58ad7

SHA512
1788d9e6b3f13d8312549ce1a8c035c1ec29834b5ff064b5322efab7f4e396ac75e131d97cdde552146b81524cd7300611856f41d58142c1cc7d543712d006fe

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
f411f1c50d7b1f29475b1c957e6e5cc8

SHA1
bcdc7ced793f014ee0117a576b51a9c400fda3b0

SHA256
191bca566cb9b2891af5b0a9d11aa9cc6aa54b95406f681f3fb50585915e865e

SHA512
2ab5b3284f179808a11e4383c70fdb6204a18eba41abba64afd9769e3bafd0d87aa13861884905558dd30ab5e403a87a1f163da445057bb5dd1770349cfd1694

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
995adeda0ec642224e33a784fa9912e3

SHA1
1261d100488f7acb050cdc6d0b11ffe79a193085

SHA256
970087f70c6f2131752d1e4f947ba0847eb3e79db7d2d4bd23f1634f9860e7bf

SHA512
9e4b5519e98c2e0b52adacc779e425808ec1a71fcab724dfe3a88b4c67dd3c2827d795b3cede761aa51d2d95130f6a20345f1b40ba9df1f7b3945b28873aa868

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
10fb29e1700acd0cb70b0f03082ec56f

SHA1
a24047fae65611e7a5c5952dc0ea61dc2057ba82

SHA256
00d1b3890eb678293cfdd19eb2abeb4f48512bf29582685899e0e9c53f572ca1

SHA512
123b5d83e47a5d558f7c21e65dcc9ab0f38462b9d293a1dfef938f33e978da20ad6d7a9170ccc7012a14cbaf3c9765702ffe121b42d27ce9c961df5dc8437673

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
6b773f356cda6559867205aa9cffb709

SHA1
a6fc9dadae04b4f3939c1959eefaaf0ae40b504e

SHA256
4ed4ab7d1592709f3c03f9aef817b1ac606e886c025fd2fa6810694ad70665ad

SHA512
53dfda1d4c128c3fbf3df7167238267edb099ab1735e1b1984c317f7624dea03359cb5df98c9a6c24fcde86adef68646cbc5b4a0ecdf39788fb0b487d9067754

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads