Analysis
max time kernel: 133s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 07:45
Static task: static1
Behavioral task: behavioral1
  Sample: 4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe
Size: 79KB
MD5: 4b4a8226429f3f81b1200a9c4d9335f0
SHA1: d7f3a01c2022b03fcc3d8fd5395b4349f28036bc
SHA256: 5ccb737a0b64bd0c66c4145224c57df0a0e856b3aaa81a2abecadcb3c6ff16fa
SHA512: 0450aaf29d13a4d5029caadf7e0c16a76db1dbf0699e8d82bf263092acc0942eea7f071311cf9feb51604e873678fa80b64fb5c983bfca559a45e7f92b4ec6d9
SSDEEP: 1536:zvawDMD4uuAqYOQA8AkqUhMb2nuy5wgIP0CSJ+5ymB8GMGlZ5G:zvaw2Fq9GdqU7uy5w9WMymN5G
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  3904  [email protected]
- Suspicious use of WriteProcessMemory (6 IoCs)
  description                        pid   Process                                               procid_target
  PID 1196 wrote to memory of 1012   1196  4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe   92
  PID 1196 wrote to memory of 1012   1196  4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe   92
  PID 1196 wrote to memory of 1012   1196  4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe   92
  PID 1012 wrote to memory of 3904   1012  cmd.exe                                               93
  PID 1012 wrote to memory of 3904   1012  cmd.exe                                               93
  PID 1012 wrote to memory of 3904   1012  cmd.exe                                               93
Processes
- C:\Users\Admin\AppData\Local\Temp\4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4b4a8226429f3f81b1200a9c4d9335f0_NeikiAnalytics.exe"
  PID: 1196
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    PID: 1012
    - C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4084,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4008 /prefetch:8
  PID: 2936
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 900e8cde4e0c47f041e0f703a6de85a5
  SHA1: 7bb2dcd83272497be2945d08ab0abc99dc005307
  SHA256: cbb35e41adae64f9d0fa56b658ac36ef6867016e694fe3af647d69974c0c5f1b
  SHA512: fd6673259cd18fc93c32012ed8277c4103de48e37df7f53fdbf815e6498c37f4bc926b30b293faae4a7b9c4bbdf7bf5a1bc6692faf9fd0333ffcf6d6b8f61320