Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
28/05/2024, 00:24
Static task
static1
Behavioral task
behavioral1
Sample
29031196bd02dcce44e5d274fdfec870_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
29031196bd02dcce44e5d274fdfec870_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
29031196bd02dcce44e5d274fdfec870_NeikiAnalytics.exe
-
Size
79KB
-
MD5
29031196bd02dcce44e5d274fdfec870
-
SHA1
0da89bb43baa1839e42249fd825c52da284a5fbe
-
SHA256
9ac2c393a36e762494782635a2074323ade41a09765dab3bf86cafcb0fb99bf9
-
SHA512
701480ed44678dd9bca34a772aa1adf2ba4a98eccdb6a78ae5de623da18143a7c3f750cab833ffa538b149b6467ef5047b6f7b175f3fe166e054b5ec3e513f0b
-
SSDEEP
1536:zvAGxcVqjZf0T78OQA8AkqUhMb2nuy5wgIP0CSJ+5y/B8GMGlZ5G:zvAGGIfO9GdqU7uy5w9WMy/N5G
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process
3352 [email protected]
-
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target
PID 2412 wrote to memory of 5016 2412 29031196bd02dcce44e5d274fdfec870_NeikiAnalytics.exe 82
PID 2412 wrote to memory of 5016 2412 29031196bd02dcce44e5d274fdfec870_NeikiAnalytics.exe 82
PID 2412 wrote to memory of 5016 2412 29031196bd02dcce44e5d274fdfec870_NeikiAnalytics.exe 82
PID 5016 wrote to memory of 3352 5016 cmd.exe 83
PID 5016 wrote to memory of 3352 5016 cmd.exe 83
PID 5016 wrote to memory of 3352 5016 cmd.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\29031196bd02dcce44e5d274fdfec870_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\29031196bd02dcce44e5d274fdfec870_NeikiAnalytics.exe"
- Suspicious use of WriteProcessMemory
PID:2412
-
C:\Windows\SysWOW64\cmd.exe
PID:5016
-
C:\Users\Admin\AppData\Local\Temp\[email protected]
PID:3352
-
-
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize
79KB
-
MD5
2fd82b424b239b8505f4cd53f7ce6b9f
-
SHA1
b105dd6b3e8adec8d8e4c62de981a2a05bba033b
-
SHA256
6c3dcdb9df082c60520e881efd72ddcf40ef9f36f97e48d610fb898ab573e045
-
SHA512
61c3eb9c4e83effb63e4077ab278de55ec902c56975eab4a83fd32aabe2185e0c542c28632f0a5fbb07d74df6c5370d552213274ed2af19793f20aef94c58211