Analysis

  • max time kernel
    21s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/05/2024, 07:45

General

  • Target

    4b4d9f23293f2a5a0be3a3e680977ac0_NeikiAnalytics.exe

  • Size

    738KB

  • MD5

    4b4d9f23293f2a5a0be3a3e680977ac0

  • SHA1

    beb42405eab03b2ee529c3ebf51d81f2718da40e

  • SHA256

    c72f3f17d1d8dcd619bfdd3b67e834c91ba8a4d1cda1a4ef1cbda0763d153166

  • SHA512

    b913970926b33201e911544393cbda4fdf0cf22119c128787f94f8d83d9d9ce5baeac8bd9d34754a58204ae697d8c1174c9cf834b15470b5a4dcabd57992d87b

  • SSDEEP

    12288:q51xNSiZbbSoCU5qJSr1eWPUntBB0sP0MugCAjHUzTsh2:q51xNSi1SoCU5qJSr1eWPSCsP0MugC6E

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (4 IoCs)
  • UPX packed file (8 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application (2 TTPs, 4 IoCs)
  • Drops file in Windows directory (3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of WriteProcessMemory (11 IoCs)
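The "UPX packed file" signature is a static check on the PE header, and the distinction it draws between stock and "modified" UPX is worth seeing in code. The block below is an added example, not code from the sandbox or from this report: it parses the PE section table and applies two heuristics, the stock section names (UPX0/UPX1/UPX2) and the hollow first section (SizeOfRawData of zero with a large VirtualSize) that survives when a modified build renames the sections. The three PE images it runs on are constructed inline (headers only, no code) so the block runs offline; the 0x1000 VirtualSize threshold and the 0x400-byte window searched for the "UPX!" pack header are choices made here.

```python
"""Packer heuristic over PE section headers.

Added example; not code from the sandbox or the report. It shows the two
checks the "UPX packed file" signature above is most plausibly built on:
  1. stock UPX section names (UPX0, UPX1, UPX2);
  2. a first section with SizeOfRawData == 0 and a large VirtualSize, the
     hollow region UPX unpacks into at run time. This survives renamed
     sections, which is what "modified UPX" usually means in practice.
The PE images below are constructed inline for the demo (header only, no
code); nothing from the report's files is read.
"""
import struct

SECTION_HEADER_SIZE = 40  # sizeof(IMAGE_SECTION_HEADER)


def pe_sections(data: bytes) -> list:
    """Return the section table of an in-memory PE image as a list of dicts."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "virtual_address": vaddr,
            "raw_size": rawsize,
            "raw_pointer": rawptr,
        })
    return sections


def packer_verdict(data: bytes) -> dict:
    """Flag UPX-style packing from the section table and the UPX header magic."""
    secs = pe_sections(data)
    names = [s["name"] for s in secs]
    stock_upx = any(n.startswith("UPX") for n in names)
    # UPX0 (whatever it has been renamed to) occupies no bytes on disk but a
    # large range in memory: the stub decompresses the original image into it.
    hollow_first = bool(secs) and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] >= 0x1000
    # Stock UPX leaves its "UPX!" pack header in the header padding; modified
    # builds commonly patch it out, so its absence is not evidence of anything.
    upx_magic = b"UPX!" in data[:0x400]
    return {
        "sections": names,
        "stock_upx": stock_upx,
        "hollow_first_section": hollow_first,
        "upx_magic": upx_magic,
        "likely_packed": stock_upx or hollow_first or upx_magic,
    }


def build_pe(section_specs) -> bytes:
    """Constructed PE32 header-only image: (name, VirtualSize, SizeOfRawData) per section."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    optional = bytes(224)  # PE32 optional header; contents irrelevant for the section table
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, len(optional), 0x0102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000 * (i + 1),
                    rawsize, 0x400, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rawsize) in enumerate(section_specs)
    )
    return bytes(dos) + b"PE\0\0" + coff + optional + table


# Constructed layouts: stock UPX, UPX with renamed sections, and an unpacked binary.
UPX_STYLE = build_pe([(b"UPX0", 0x3A000, 0), (b"UPX1", 0x29000, 0x28800), (b".rsrc", 0x1000, 0x600)])
RENAMED_UPX_STYLE = build_pe([(b".text", 0x3A000, 0), (b".data", 0x29000, 0x28800), (b".rsrc", 0x1000, 0x600)])
PLAIN = build_pe([(b".text", 0x20000, 0x20000), (b".data", 0x4000, 0x2000), (b".rsrc", 0x1000, 0x1000)])

if __name__ == "__main__":
    for label, image in (("stock UPX", UPX_STYLE), ("renamed UPX", RENAMED_UPX_STYLE), ("plain", PLAIN)):
        print(label, packer_verdict(image))
```

Run `packer_verdict` on a file read with `open(path, "rb").read()` to apply it to a real sample; the hollow-section heuristic is the one that keeps firing after a modified UPX build has renamed UPX0/UPX1 to innocuous names, and a memory dump taken after the stub has run (such as the 0x400000-0x429000 dumps listed further down) no longer shows the hollow region, because it has been filled in.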

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b4d9f23293f2a5a0be3a3e680977ac0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4b4d9f23293f2a5a0be3a3e680977ac0_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4204
    • C:\WINDOWS\MSWDM.EXE
      "C:\WINDOWS\MSWDM.EXE"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2372
    • C:\WINDOWS\MSWDM.EXE
      -r!C:\Windows\dev4CF7.tmp!C:\Users\Admin\AppData\Local\Temp\4b4d9f23293f2a5a0be3a3e680977ac0_NeikiAnalytics.exe! !
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3904
      • C:\Users\Admin\AppData\Local\Temp\4B4D9F23293F2A5A0BE3A3E680977AC0_NEIKIANALYTICS.EXE
        3⤵
        • Executes dropped EXE
        PID:3952
      • C:\WINDOWS\MSWDM.EXE
        -e!C:\Windows\dev4CF7.tmp!C:\Users\Admin\AppData\Local\Temp\4B4D9F23293F2A5A0BE3A3E680977AC0_NEIKIANALYTICS.EXE!
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:2212
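The process tree shows MSWDM.EXE invoked twice with a '!'-delimited argument string (`-r!<tmp>!<target>! !` and `-e!<tmp>!<target>!`), and the temp file it names, C:\Windows\dev4CF7.tmp, is one of the three dropped files listed under Downloads. Note also that the Downloads entry for the original Temp path carries a different MD5 (9a76c8036cb6587af961e847403610a8) from the submitted sample (4b4d9f23293f2a5a0be3a3e680977ac0), so the file at that path was rewritten during the run. The block below is an added example, not code from the sandbox or this report: it parses those two command lines into mode, temp file and target, folds the upper- and lower-case spellings of the target into one path, and derives a hunt pattern for the drop. The report does not document what -r and -e do; reading them as two modes over the same pair of paths is an inference from the argument shape, and widening dev4CF7.tmp to dev plus four hex digits generalises the single name this run produced.

```python
"""Triage of the MSWDM.EXE command lines in the process tree above.

Added example; not code from the sandbox or the report. The two child
processes run MSWDM.EXE with a '!'-delimited argument string:

    -r!<temp file>!<submitted sample path>! !
    -e!<temp file>!<submitted sample path>!

The report does not document the switches. Reading -r and -e as two modes
that both take a temp file under C:\\Windows and the path of the submitted
sample is an inference made here from the argument shape, and the
dev<4 hex digits>.tmp hunt pattern generalises the single dev4CF7.tmp the
run produced. The command lines are copied from this report.
"""
import ntpath
import re
from typing import Optional

COMMAND_LINES = [  # verbatim from the process tree of this report
    r'"C:\WINDOWS\MSWDM.EXE"',
    r"-r!C:\Windows\dev4CF7.tmp!C:\Users\Admin\AppData\Local\Temp\4b4d9f23293f2a5a0be3a3e680977ac0_NeikiAnalytics.exe! !",
    r"-e!C:\Windows\dev4CF7.tmp!C:\Users\Admin\AppData\Local\Temp\4B4D9F23293F2A5A0BE3A3E680977AC0_NEIKIANALYTICS.EXE!",
]

# -<mode>!<tmp>!<target>!<anything trailing>
MSWDM_ARGS = re.compile(r"^-(?P<mode>[A-Za-z])!(?P<tmp>[^!]+)!(?P<target>[^!]+)!(?P<rest>.*)$")

# dev4CF7.tmp has the shape GetTempFileName() gives a prefix of "dev":
# prefix + four hex digits + .tmp. Treat the hex part as variable (inference).
DEV_TMP = re.compile(r"^dev[0-9A-Fa-f]{4}\.tmp$", re.IGNORECASE)


def parse_mswdm_args(cmdline: str) -> Optional[dict]:
    """Split one MSWDM.EXE argument string; None if it is not in the -x!..!..! form."""
    m = MSWDM_ARGS.match(cmdline.strip())
    if m is None:
        return None
    return {"mode": m["mode"], "tmp": m["tmp"], "target": m["target"], "rest": m["rest"]}


def is_dev_tmp(path: str) -> bool:
    """True for C:\\Windows\\devXXXX.tmp style drop paths (case-insensitive)."""
    directory, name = ntpath.split(path)
    return directory.lower() == r"c:\windows" and DEV_TMP.match(name) is not None


def triage_artifacts(cmdlines) -> dict:
    """Collect the paths a responder should pull, plus which modes were seen."""
    modes, tmp_files, targets = [], set(), set()
    for line in cmdlines:
        parsed = parse_mswdm_args(line)
        if parsed is None:
            continue  # the bare "C:\WINDOWS\MSWDM.EXE" launch carries no arguments
        modes.append(parsed["mode"])
        tmp_files.add(parsed["tmp"])
        # The tree shows the same target once lower-case and once upper-case;
        # Windows path lookups are case-insensitive, so fold them together.
        targets.add(parsed["target"].lower())
    return {
        "modes": modes,
        "tmp_files": sorted(tmp_files),
        "dev_tmp_hits": sorted(p for p in tmp_files if is_dev_tmp(p)),
        "targets": sorted(targets),
    }


if __name__ == "__main__":
    for key, value in triage_artifacts(COMMAND_LINES).items():
        print(f"{key}: {value}")
```

Feed `triage_artifacts` the command lines from your own EDR or Sysmon event ID 1 telemetry to get the same three lists per host; the `dev_tmp_hits` list is what to collect before the file is removed, and the `targets` list is the path whose on-disk hash should be compared against the hash of the original sample, which is exactly the discrepancy the Downloads section of this report shows.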

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\4b4d9f23293f2a5a0be3a3e680977ac0_NeikiAnalytics.exe

          Filesize

          738KB

          MD5

          9a76c8036cb6587af961e847403610a8

          SHA1

          cbd99501ab11df43371f75b6406f637d04c2b869

          SHA256

          83f22a876f1736a2a51f236e9d7e948477f0ab8bfe18ac305c55a1a452476fd7

          SHA512

          ea7c7bff73177f1248af5d9f1c97f61231221741c483a2c7900b918a1c0e4abdf6f73ce4b5f2448812bf11dea263e3e963002783cafd7d45089ada2658b9baa0

        • C:\Windows\MSWDM.EXE

          Filesize

          164KB

          MD5

          c63b4134b74602a3c45a65664b08d981

          SHA1

          395e802be36cc24865439eac672ddf85733aafaf

          SHA256

          2495dffa440d3090c798cb22a73a8beacb063221b2a894f7fbc62a4b6d5b4a58

          SHA512

          82894f5428ae58cfdbcf2c3ef9d08dfe533d91c67b290f875337196f731137c38ca855293caa6c9568ed510564a5fc71372f38d3edeae0a7036dd57265d122dd

        • C:\Windows\dev4CF7.tmp

          Filesize

          574KB

          MD5

          6503efe0a01c2d50c97be27f3cb10a43

          SHA1

          a0cb3708603a18f02352d01ec672020e5bad5073

          SHA256

          0cf9864ae3a8679ed503f954a453452c93fa44f99ca6f39bbc5860abde7fd35e

          SHA512

          ebdbc553ba4348676fd3f2ca12e48af53a229b449a36e653dbfca90efb34d21033e41d1157dcca28c2b1e5f91368c0839298992247cf7d2e8feca5feab8ecea4

        • memory/2212-18-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

        • memory/2372-21-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

        • memory/3904-10-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

        • memory/3904-20-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

        • memory/4204-0-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB

        • memory/4204-9-0x0000000000400000-0x0000000000429000-memory.dmp

          Filesize

          164KB