Analysis

  • max time kernel
    17s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/05/2024, 07:45

General

  • Target

    4b4d9f23293f2a5a0be3a3e680977ac0_NeikiAnalytics.exe

  • Size

    738KB

  • MD5

    4b4d9f23293f2a5a0be3a3e680977ac0

  • SHA1

    beb42405eab03b2ee529c3ebf51d81f2718da40e

  • SHA256

    c72f3f17d1d8dcd619bfdd3b67e834c91ba8a4d1cda1a4ef1cbda0763d153166

  • SHA512

    b913970926b33201e911544393cbda4fdf0cf22119c128787f94f8d83d9d9ce5baeac8bd9d34754a58204ae697d8c1174c9cf834b15470b5a4dcabd57992d87b

  • SSDEEP

    12288:q51xNSiZbbSoCU5qJSr1eWPUntBB0sP0MugCAjHUzTsh2:q51xNSi1SoCU5qJSr1eWPSCsP0MugC6E

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b4d9f23293f2a5a0be3a3e680977ac0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4b4d9f23293f2a5a0be3a3e680977ac0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\WINDOWS\MSWDM.EXE
      "C:\WINDOWS\MSWDM.EXE"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1144
    • C:\WINDOWS\MSWDM.EXE
      -r!C:\Windows\dev1B9C.tmp!C:\Users\Admin\AppData\Local\Temp\4b4d9f23293f2a5a0be3a3e680977ac0_NeikiAnalytics.exe! !
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3056
      • C:\Users\Admin\AppData\Local\Temp\4B4D9F23293F2A5A0BE3A3E680977AC0_NEIKIANALYTICS.EXE
        3⤵
        • Executes dropped EXE
        PID:2664
      • C:\WINDOWS\MSWDM.EXE
        -e!C:\Windows\dev1B9C.tmp!C:\Users\Admin\AppData\Local\Temp\4B4D9F23293F2A5A0BE3A3E680977AC0_NEIKIANALYTICS.EXE!
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:2504

Network

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\4B4D9F23293F2A5A0BE3A3E680977AC0_NEIKIANALYTICS.EXE

          Filesize

          574KB

          MD5

          6503efe0a01c2d50c97be27f3cb10a43

          SHA1

          a0cb3708603a18f02352d01ec672020e5bad5073

          SHA256

          0cf9864ae3a8679ed503f954a453452c93fa44f99ca6f39bbc5860abde7fd35e

          SHA512

          ebdbc553ba4348676fd3f2ca12e48af53a229b449a36e653dbfca90efb34d21033e41d1157dcca28c2b1e5f91368c0839298992247cf7d2e8feca5feab8ecea4

        • C:\Users\Admin\AppData\Local\Temp\4B4D9F23293F2A5A0BE3A3E680977AC0_NEIKIANALYTICS.EXE

          Filesize

          738KB

          MD5

          7773466d12176502f9cb8f5c0fc446db

          SHA1

          1294700f0cbf4e4e0e542aaa37bec665edf64a57

          SHA256

          aa0d09a1b1d0dca61ff07b37dbe49198e72c0aa168e46c61b542af33398b23a8

          SHA512

          e07628145ca10964983d8e3d99cf9533fa3ca4afb63c9cea05b23ac1998626fbf20114b12fe17d9c8a39fa526706d01e1ca3c005baa26fc7e5c4a3de8239e5c6

        • C:\Windows\MSWDM.EXE

          Filesize

          164KB

          MD5

          c63b4134b74602a3c45a65664b08d981

          SHA1

          395e802be36cc24865439eac672ddf85733aafaf

          SHA256

          2495dffa440d3090c798cb22a73a8beacb063221b2a894f7fbc62a4b6d5b4a58

          SHA512

          82894f5428ae58cfdbcf2c3ef9d08dfe533d91c67b290f875337196f731137c38ca855293caa6c9568ed510564a5fc71372f38d3edeae0a7036dd57265d122dd

        • memory/1144-23-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

        • memory/1144-33-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

        • memory/1968-11-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

        • memory/1968-0-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

        • memory/2504-30-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

        • memory/3056-22-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

        • memory/3056-32-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB