Analysis

  • max time kernel
    141s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/05/2024, 06:08

General

  • Target

    35cad251b07b436b37a7b68758e6dcb0_NeikiAnalytics.exe

  • Size

    6.3MB

  • MD5

    35cad251b07b436b37a7b68758e6dcb0

  • SHA1

    b366fce697a10f9b0ecb891dba8c946fec9f72e7

  • SHA256

    639a6e5fe415a2968ff5f0142ed82869d6e3312fd0716b3352971f5268e81aef

  • SHA512

    3415c3c3e27b8774666f82222854ee2330552af560793da40b95cfbb64bffe899b90e952b9f75ec639728aa8b4b91c3b62286326984bbc6da4fcd0431e5319f6

  • SSDEEP

    98304:K9vmVkAiFJFK8f2Yu/EDziwdDzIA5QVm09pHw/92p0ldCTULE3QVfb:SmV4FKw7+TP0ldCTULE3S

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\35cad251b07b436b37a7b68758e6dcb0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\35cad251b07b436b37a7b68758e6dcb0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Users\Admin\AppData\Local\Temp\is-7O27I.tmp\35cad251b07b436b37a7b68758e6dcb0_NeikiAnalytics.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-7O27I.tmp\35cad251b07b436b37a7b68758e6dcb0_NeikiAnalytics.tmp" /SL5="$70122,6381070,56832,C:\Users\Admin\AppData\Local\Temp\35cad251b07b436b37a7b68758e6dcb0_NeikiAnalytics.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of WriteProcessMemory
      PID:2416
      • C:\Users\Admin\AppData\Local\Temp\is-H7V20.tmp\7za.exe
        "C:\Users\Admin\AppData\Local\Temp\is-H7V20.tmp\7za.exe" -p0000 x package_airwebbar_offer_multilang_DYNPACKAGES_WEBINSTALL_.exe -t7z
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2968
      • C:\Users\Admin\AppData\Local\Temp\is-H7V20.tmp\7za.exe
        "C:\Users\Admin\AppData\Local\Temp\is-H7V20.tmp\7za.exe" -p0000 x tuto_flash_.exe -t7z
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:2436

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\is-H7V20.tmp\package_airwebbar_offer_multilang_DYNPACKAGES_WEBINSTALL_.exe

          Filesize

          915KB

          MD5

          13e51107530278a6f4ecd79b28a3b700

          SHA1

          a2cc7925a506bd950d5cd53bff365c8c9ff59d2d

          SHA256

          c03038d87f252aa146b5cc96d51781a4ea758663203c6d60d253a9e5dba2a630

          SHA512

          d19d2b7743c77e5ea5f13bb9bba06885944a9966b3229478c5e47affdd5d6cff3cbff184e9f61058033595f43158ca5e4c241a854dc47c28f0ed5789b4c6e305

        • C:\Users\Admin\AppData\Local\Temp\is-H7V20.tmp\tuto_flash_.exe

          Filesize

          4.8MB

          MD5

          3bb49e9e6936c8532ed518b5f712d0b7

          SHA1

          e9cb75d15bdb128d5fc103d63555403c21a7d77e

          SHA256

          dd4a3619ddbd6f8a8de00aa8abcf3ac1a1d57f777070f72e87cbd2ea33b824ee

          SHA512

          8b3513c9d94bdd1981729b708c30b9c314fad6eae372578d3490f05c06f2cefd67fb4e3e4673712f9b540522ef003f0194ac09221b97bc31f3536ad7586272b0

        • \Users\Admin\AppData\Local\Temp\is-7O27I.tmp\35cad251b07b436b37a7b68758e6dcb0_NeikiAnalytics.tmp

          Filesize

          691KB

          MD5

          9303156631ee2436db23827e27337be4

          SHA1

          018e0d5b6ccf7000e36af30cebeb8adc5667e5fa

          SHA256

          bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4

          SHA512

          9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

        • \Users\Admin\AppData\Local\Temp\is-H7V20.tmp\7za.exe

          Filesize

          589KB

          MD5

          b41886a0207245a4c7179671c6b0e6e5

          SHA1

          a10ecf2371137941ba4dee332b15066d88d4750e

          SHA256

          bf830307efc2b22c44d4d90ced495258e8d3f807d3ef12241e12eb4067c2c067

          SHA512

          9d9f265f2fff74c4cfac32fab636b3515d46b2ae8171a1e188e65c4554580f8e41aaaec184e013f0c2a02da64082f35a802d8f27d950f673bebaaa641839cbd7

        • \Users\Admin\AppData\Local\Temp\is-H7V20.tmp\_isetup\_shfoldr.dll

          Filesize

          22KB

          MD5

          92dc6ef532fbb4a5c3201469a5b5eb63

          SHA1

          3e89ff837147c16b4e41c30d6c796374e0b8e62c

          SHA256

          9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

          SHA512

          9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

        • memory/2304-0-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

        • memory/2304-2-0x0000000000401000-0x000000000040B000-memory.dmp

          Filesize

          40KB

        • memory/2304-38-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

        • memory/2416-8-0x0000000000400000-0x00000000004BD000-memory.dmp

          Filesize

          756KB

        • memory/2416-39-0x0000000000400000-0x00000000004BD000-memory.dmp

          Filesize

          756KB