Overview

overview

10

Static

static

3

5af1662476...cs.exe

windows7-x64

10

5af1662476...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    29-05-2024 23:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5af1662476acf0f2c48eb894ef7e8b00_NeikiAnalytics.exe

  • Size

    94KB

  • MD5

    5af1662476acf0f2c48eb894ef7e8b00

  • SHA1

    f3d53cd0e28606f3fc70cbd3110541edb71bc441

  • SHA256

    fa3da96c0adf663ad371ce41a8b41cb0519e7e306a9ff453cb0a3a22a092491a

  • SHA512

    9c6fadf28d5059ff5234ed3684eda32f9325c4dcee9869b0bee64c1ae51b66b51435d731012aae2fb36ec850a142f79b7b813921ecbe653268941c986cddb733

  • SSDEEP

    1536:Udsah74bTxku0WlxDMtiJEVKH/tEzXwdt7:0ho2IfpJEVKH1KAd9

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5af1662476acf0f2c48eb894ef7e8b00_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\5af1662476acf0f2c48eb894ef7e8b00_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\mfliej.exe
      "C:\Users\Admin\mfliej.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\mfliej.exe
    Filesize

    94KB

    MD5

    b5d857f6305eb81482742f049b73f0b3

    SHA1

    2e5afe90d208ab2c799a21132b06b2aac6929588

    SHA256

    8819b2d44bd9d55b10349b26730029a86ecb5410fb31d707dda374b26186d73a

    SHA512

    d0c0388701e767bd471e551528d6e7b72441744a017ea853bdc2f7b3427233831bb95f2c65e3ba10fdc60ce972f5882042fe900e53ca82dbd7c6ff19822eca87

    Download Submit

  • memory/2148-0-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2148-14-0x0000000003910000-0x000000000392C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2148-13-0x0000000003910000-0x000000000392C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2148-20-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2148-21-0x0000000003910000-0x000000000392C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2148-22-0x0000000003910000-0x000000000392C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2412-16-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2412-23-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download