Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
28/05/2024, 20:24
Static task
static1
Behavioral task
behavioral1
Sample
018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe
-
Size
73KB
-
MD5
018129b0f9e1d035301c8bcec5125cb0
-
SHA1
a762547ccbf1cc951f4c8e32738462ec931cde14
-
SHA256
4c9b3b9e80d6c98100201466fe01068e4d4bed2ded24712fdda7c26b1e93a96b
-
SHA512
6d7053c74b404229739533083736078a49656ff5838f47675604244014b4555cb8caa0556463a9ecfee9f8c4e219871a4cb01a803530d6a7a5cca8444084785d
-
SSDEEP
1536:hbbhvDD8qtK5QPqfhVWbdsmA+RjPFLC+e5h9y0ZGUGf2g:h57LNPqfcxA+HFshUOg
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process
4852 [email protected]
-
Suspicious use of WriteProcessMemory 9 IoCs
description pid Process procid_target
PID 1612 wrote to memory of 4028 1612 018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe 84
PID 1612 wrote to memory of 4028 1612 018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe 84
PID 1612 wrote to memory of 4028 1612 018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe 84
PID 4028 wrote to memory of 4852 4028 cmd.exe 85
PID 4028 wrote to memory of 4852 4028 cmd.exe 85
PID 4028 wrote to memory of 4852 4028 cmd.exe 85
PID 4852 wrote to memory of 3160 4852 [email protected] 86
PID 4852 wrote to memory of 3160 4852 [email protected] 86
PID 4852 wrote to memory of 3160 4852 [email protected] 86
Processes
-
C:\Users\Admin\AppData\Local\Temp\018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\018129b0f9e1d035301c8bcec5125cb0_NeikiAnalytics.exe"
- Suspicious use of WriteProcessMemory
PID:1612
-
C:\Windows\SysWOW64\cmd.exe
PID:4028
-
C:\Users\Admin\AppData\Local\Temp\[email protected]
PID:4852
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 00.exe
PID:3160
-
-
-
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize 73KB
-
Filesize
2KB