Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
28/05/2024, 20:24
Static task
static1
Behavioral task
behavioral1
Sample
018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe
-
Size
73KB
-
MD5
018129b0f9e1d035301c8bcec5125cb0
-
SHA1
a762547ccbf1cc951f4c8e32738462ec931cde14
-
SHA256
4c9b3b9e80d6c98100201466fe01068e4d4bed2ded24712fdda7c26b1e93a96b
-
SHA512
6d7053c74b404229739533083736078a49656ff5838f47675604244014b4555cb8caa0556463a9ecfee9f8c4e219871a4cb01a803530d6a7a5cca8444084785d
-
SSDEEP
1536:hbbhvDD8qtK5QPqfhVWbdsmA+RjPFLC+e5h9y0ZGUGf2g:h57LNPqfcxA+HFshUOg
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid | Process
2928 | [email protected]
-
Loads dropped DLL 2 IoCs
pid | Process
2900 | cmd.exe
2900 | cmd.exe
-
Suspicious use of WriteProcessMemory 12 IoCs
description | pid | Process | procid_target
PID 2164 wrote to memory of 2900 | 2164 | 018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe | 29
PID 2164 wrote to memory of 2900 | 2164 | 018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe | 29
PID 2164 wrote to memory of 2900 | 2164 | 018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe | 29
PID 2164 wrote to memory of 2900 | 2164 | 018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe | 29
PID 2900 wrote to memory of 2928 | 2900 | cmd.exe | 30
PID 2900 wrote to memory of 2928 | 2900 | cmd.exe | 30
PID 2900 wrote to memory of 2928 | 2900 | cmd.exe | 30
PID 2900 wrote to memory of 2928 | 2900 | cmd.exe | 30
PID 2928 wrote to memory of 2600 | 2928 | [email protected] | 31
PID 2928 wrote to memory of 2600 | 2928 | [email protected] | 31
PID 2928 wrote to memory of 2600 | 2928 | [email protected] | 31
PID 2928 wrote to memory of 2600 | 2928 | [email protected] | 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2164
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c [email protected] 2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2900
-
C:\Users\Admin\AppData\Local\Temp\[email protected]
PID:2928
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 15225.exe 4⤵
PID:2600
Network
MITRE ATT&CK Matrix
Downloads
-
\Users\Admin\AppData\Local\Temp\[email protected]
Filesize: 73KB
MD5: b092e84709483c6c335ee259e3f787a0
SHA1: 51565e48775515fa8cfff8098ef40876b5d7c29b
SHA256: 7d2064a1ef0ceef7bcd6277aa717d90d9580ac247e0f4af55bf8adac634e3ad4
SHA512: 8d7469c6ad90881d9c98b89ef97c006f1eb41df7d079ad142d71b1a9f4143c84c150ff1ef3aa25870946045e1c5ca385fabb9c4116d1ae09d8e9456258d804e5