Overview

overview

7

Static

static

3

05cb86e961...cs.exe

windows7-x64

7

05cb86e961...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/05/2024, 21:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05cb86e9612ada52985400834f6ca700_NeikiAnalytics.exe

  • Size

    66KB

  • MD5

    05cb86e9612ada52985400834f6ca700

  • SHA1

    2c3fa3e64ab3416bf1882ac2e72ae7c83a95b121

  • SHA256

    9d79faadf552d754f53d28878c5c859d954c43003123159f7d12e9e69a90a411

  • SHA512

    aa8a576fe0ad0686d889cf4f7dcbd6b66c7a2a13045e5b48c683905605eec2df60734b9e79e0e58a1640aa1ac166632a3e93589169259ad63bff75d63350780d

  • SSDEEP

    768:iLxqBt1sJw5pVNUP1/kvtbWcpmCKXHak3QIXjLZJ2bXfqQKMq+gjTAfu/MB8QKpA:1teqYQIXJJyXEv/MBK6vRel1HQwE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05cb86e9612ada52985400834f6ca700_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\05cb86e9612ada52985400834f6ca700_NeikiAnalytics.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4792
    • C:\Windows\SysWOW64\imlearifú±¬±
      "C:\Windows\system32\imlearifú±¬±"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4580
      • C:\Windows\SysWOW64\imlearifú±¬±
        ùù¿çç¤
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\ifkaread-oudoocú°¸¸
    Filesize

    5KB

    MD5

    48c45e05569f9a5665d082fbdc116c14

    SHA1

    e491ab1327b88312fc6d0535621b6de733c8efb5

    SHA256

    7e916f847bb5de3e09b36bd527e09ed656df13296bdcd9924185bcccde7dbe4c

    SHA512

    e1cc47e185831dc6c40372efc227f299964f262c641b790d31f0fe452a5bc70a4946c689913504c64790833c131d40c01fcd9ff3a148636be9f502959f7cc49c

    Download Submit

  • C:\Windows\SysWOW64\imlearifú±¬±
    Filesize

    66KB

    MD5

    0d13558be2eb07428e69115627be460b

    SHA1

    346f7c2438d08e9492dad0e43f515fcc855fcd64

    SHA256

    f9a15e2e8d076e2e046889ce8bc536aa5ca5c906c26fa41bf50789010ede11c4

    SHA512

    6dcac96289b24aa9bac681bd6d9b4e41714b71fef412377dd333d80fe3b1d17bc7adff8e23ab8105a8b77b5895047727dff76804e4ce97a08b5d7add0b473dd8

    Download Submit

  • memory/2988-24-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4580-23-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/4792-5-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download