Overview

overview

7

Static

static

3

3f37f7192f...cs.exe

windows7-x64

7

3f37f7192f...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/05/2024, 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f37f7192f218e977b4fbbdd75e115f0_NeikiAnalytics.exe

  • Size

    31KB

  • MD5

    3f37f7192f218e977b4fbbdd75e115f0

  • SHA1

    230eb9611aa0aaa6c2bf70060aedeec0ca227ba0

  • SHA256

    85a579d61314b5e58705cbda21dda7ee9fb0c84a23cb58e3d64ea66b849ec922

  • SHA512

    8c5d9667b3b0ff772c22dfa674df3090bf6a467ee2001a554b4ed1097665a57c0efc2a14b52eafec422267ecf668a65f7fab157c315b332690f39abea891f552

  • SSDEEP

    768:PVEHJqjHyGvwFylDpulVSQJrE/2QmlCYZUTZGsJsksL+Se:PH2nylslwHCCLh

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f37f7192f218e977b4fbbdd75e115f0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3f37f7192f218e977b4fbbdd75e115f0_NeikiAnalytics.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    29KB

    MD5

    3d17fcbcc6b1cfdeba8a1e86c1be3a65

    SHA1

    1420647cdd5db15afa4fa403801cf14ff3e09a30

    SHA256

    856d1f6d56f1f4949fda7dc51c3c7f676519f7cac2520ae3fd94151e76278cb5

    SHA512

    ff745b6c213aa077df32c8f45c7bb6d03293781fc1789b9a98066431ace7524669d1df8ffa4358db5e86e636360f94f8f4fd41a9b2b9a2cf772f2ba557413f7c

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    28KB

    MD5

    68072941458865a91758e394576e0065

    SHA1

    72dd6cfeaba334278d052604ba4a305e778b4803

    SHA256

    a4dbba642d6145e55de1723f0e2ec03c4e2beb6f04300740a5bebdc697395b53

    SHA512

    f01fabfb24d159b70b5d04093a21546ead9427b77bb851bdb2cd2b7dab395a98ed96946148e5ee150647eab81362a20336d6ba512e66b5a32b5d38da9d67979b

    Download Submit

  • memory/2184-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2184-13-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4848-19-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4848-16-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4848-17-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4848-18-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4848-14-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4848-20-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4848-21-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4848-22-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4848-23-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4848-24-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4848-25-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4848-26-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4848-27-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download