41018e34df5f64f3fcd2937e8b60fc5d8dc617386c273fc1b2bef75740d0d099

General

Target

1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe
Size

61KB
MD5

1758fe8fb2f0936eee223eac07d05590
SHA1

bc10f1ad131299242544acfcaf3ebcc245456bd1
SHA256

41018e34df5f64f3fcd2937e8b60fc5d8dc617386c273fc1b2bef75740d0d099
SHA512

955a40af68e8394a7328d88d7ccf92c8e9558b81ee0f4143d809ec904817c259c75242c0f77cf51ad70c08ee5d0ab451052bdd30c9ad8a5cfa9adb3341ca490f
SSDEEP

768:9eJIvFKPZo2smEasjcj29NWngAHxcwKppEaxglaX5uA:9QIvEPZo6Ead29NQgA2wzle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
1332	ewiuer2.exe
2932	ewiuer2.exe
2888	ewiuer2.exe
4356	ewiuer2.exe
676	ewiuer2.exe
3736	ewiuer2.exe
2376	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 1332	4940	1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe	82
PID 4940 wrote to memory of 1332	4940	1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe	82
PID 4940 wrote to memory of 1332	4940	1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe	82
PID 1332 wrote to memory of 2932	1332	ewiuer2.exe	99
PID 1332 wrote to memory of 2932	1332	ewiuer2.exe	99
PID 1332 wrote to memory of 2932	1332	ewiuer2.exe	99
PID 2932 wrote to memory of 2888	2932	ewiuer2.exe	100
PID 2932 wrote to memory of 2888	2932	ewiuer2.exe	100
PID 2932 wrote to memory of 2888	2932	ewiuer2.exe	100
PID 2888 wrote to memory of 4356	2888	ewiuer2.exe	102
PID 2888 wrote to memory of 4356	2888	ewiuer2.exe	102
PID 2888 wrote to memory of 4356	2888	ewiuer2.exe	102
PID 4356 wrote to memory of 676	4356	ewiuer2.exe	103
PID 4356 wrote to memory of 676	4356	ewiuer2.exe	103
PID 4356 wrote to memory of 676	4356	ewiuer2.exe	103
PID 676 wrote to memory of 3736	676	ewiuer2.exe	107
PID 676 wrote to memory of 3736	676	ewiuer2.exe	107
PID 676 wrote to memory of 3736	676	ewiuer2.exe	107
PID 3736 wrote to memory of 2376	3736	ewiuer2.exe	108
PID 3736 wrote to memory of 2376	3736	ewiuer2.exe	108
PID 3736 wrote to memory of 2376	3736	ewiuer2.exe	108

C:\Users\Admin\AppData\Local\Temp\1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1758fe8fb2f0936eee223eac07d05590_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1332
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2932
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2888
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4356
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:676
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3736
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
1671def2a0ecbcb31512fa7cb0101f53

SHA1
801d44ebc8c40b740f667da2f26ee175aca47920

SHA256
4ee03ab87d97015abdccc533f1c971f7690380df2ff18f8c33031e89723326ff

SHA512
4e846df34c9c2e5286d37e6261591ea0024d87583acf5b78c8cb6204f49c90789880535df4896c4941ea8df2810c5f02aeadbc1b9ac1bafc3ff0a843589a98c8

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
720d7f8e21755844abfdda121930e3dd

SHA1
04968162a6d598557e36c5a3f47aaa0dfc08dadd

SHA256
65e870e940e97d82f94f3b3ba3ab2a1ec5df16397e0d89843cdd53d86abd6981

SHA512
d5c661ba7d947e4ed7b36bf78150ddc51c301862d3c6853d458cf11204856a81f3cf88c95ab429c9456828e1f731eb5997a9dd44af5ad388fcc549f3d6bebc1d

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
5eb26f97b70c6bbd30e9bf2e00656161

SHA1
784df3822f27ee1defc08a90c20cf12f17815efa

SHA256
b9f09210c96cab6ece03f4d7ea0ea635ce569baa4bdf797c821d84176ef58ad7

SHA512
1788d9e6b3f13d8312549ce1a8c035c1ec29834b5ff064b5322efab7f4e396ac75e131d97cdde552146b81524cd7300611856f41d58142c1cc7d543712d006fe

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
a34b0f19033059418d642a2e732ede61

SHA1
0452e6422187867cb0e2dce19f8ad24b90eff688

SHA256
a200daf9cfcec90ad8f91b8229a925ac5403134564663d0c7e948ef59e92105e

SHA512
3564f0df71f85b535140d82a413fcd94d36b3cd39f94c5f66ff827ad8158054a2a39f05fd92ecf46527926c88b3d23dca6558195c8490ca05f1a77efcd88d78a

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
b89d8c0fe01cf1e723213d25574bd9eb

SHA1
212117e4a7aa0be4240c9523d82cac01f2832ce9

SHA256
c06deba65e2ec0398d009175f8b248db9457354306d2b605eeb2cad5b69d0e7b

SHA512
3e137359aa5aa6d017a239f40281a3c9b239d1d8ad47d3beb822a6b65bcb545cf8a7c2038d376f7b4eaf9f0d074b7cbf06628a1dd6e59a6f723be9578edb845f

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
992376ae1c791a142a3cae85d67b22ab

SHA1
844a5494fe6f78f93c0fbd3ee23851b65ac9980a

SHA256
24ececa37f1a57454503aa0e0f8f512a26d046ffc2a44eee36613dc2ad8e6200

SHA512
d4cb896477c0d1b0abd46ad47218c0214b883d19216ecf3e2bda80a44f29e76f6963611ed70820539e56ebf4499105c1ce2746ec54e03d1ba08bb4f8e1e328b9

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
f74cefbd879206b43ec97b2443f481b4

SHA1
f92f9af013ffb106f7a42d2c3b95908269fd28d4

SHA256
c1ba06b278bc92439ae9483c1a132a7c5694afeff7f90c7f21e1f95727ca4ea9

SHA512
f44f8c31d3fef733c141b8a32c346dc12ec21bfdc892d127d14759a6814cb5de78015109b652b2078c1c48c074867e44528cef492be8fc9562723efe2bf3a809

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads