Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/05/2024, 09:05

General

  • Target

    4e602246419ccca4fceee4307d905e90_NeikiAnalytics.exe

  • Size

    73KB

  • MD5

    4e602246419ccca4fceee4307d905e90

  • SHA1

    ff00e6093d301cd2f7ed003623f114feffc53e49

  • SHA256

    3b4aad4ca58ad7370415343cf20055bfba3ed89ceb6980e6759d37fd2aa61cbb

  • SHA512

    0aa44c43a931f8359e4e504c04eea4e85f0b9221030265baf5981324271f7d4cba198de3368b95c430fedd8424e39f977dda278631f6d2511c5c1af545bf31c7

  • SSDEEP

    1536:hbwAWbc9YK5QPqfhVWbdsmA+RjPFLC+e5hw0ZGUGf2g:hEeeNPqfcxA+HFshwOg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e602246419ccca4fceee4307d905e90_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\4e602246419ccca4fceee4307d905e90_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c [email protected]
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2872
      • C:\Users\Admin\AppData\Local\Temp\[email protected]
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3032
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c 00.exe
          4⤵
            PID:2492
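The process tree above is the report's most actionable content: the submitted sample (PID 1904) relays through cmd.exe /c into a second executable it dropped in the same Temp directory (PID 3032), which relays again to 00.exe (PID 2492, with no child process recorded). The following Python is an added detection example, not part of the report or of the sandbox platform. It models the four process-creation events as constructed Sysmon-style records (the field names pid, ppid, image, cmdline and sha256, the root PPID 1000 and the placeholder hash for cmd.exe are assumptions), uses the two SHA256 values the report gives as a known-bad set, and flags three things: an image hashing to a known-bad value, an EXE running from a user's local Temp directory, and a cmd.exe /c relay whose parent is such an EXE. The dropped file's name is obscured on the page, so the hypothetical name dropped.exe stands in for it.

```python
"""Flag the cmd.exe /c relay chain recorded in the sandbox report.

Added example: not part of the report or the sandbox platform. EVENTS is
CONSTRUCTED from the report's process tree in a Sysmon Event ID 1-like shape;
the field names, the root PPID 1000, the placeholder hash for cmd.exe and the
name dropped.exe (the real name is obscured on the page) are all assumptions.
"""
import re
from collections import defaultdict

# SHA256 values copied from the report.
KNOWN_BAD_SHA256 = {
    "3b4aad4ca58ad7370415343cf20055bfba3ed89ceb6980e6759d37fd2aa61cbb",  # submitted sample
    "1da250959dc41bc418db73493db079f05c8d7ac810299ba88d1df2bf1e4196cf",  # dropped file
}

TEMP_DIR = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_EXE = "4e602246419ccca4fceee4307d905e90_NeikiAnalytics.exe"
DROPPED_EXE = "dropped.exe"  # hypothetical stand-in for the obscured dropped-file name
CMD_IMAGE = r"C:\Windows\SysWOW64\cmd.exe"
UNKNOWN_HASH = "0" * 64      # placeholder: the report gives no hash for cmd.exe


def temp_path(name):
    return TEMP_DIR + "\\" + name


# Constructed process-creation events mirroring the report's tree (PIDs are the report's).
EVENTS = [
    {"pid": 1904, "ppid": 1000, "image": temp_path(SAMPLE_EXE),
     "cmdline": '"' + temp_path(SAMPLE_EXE) + '"',
     "sha256": "3b4aad4ca58ad7370415343cf20055bfba3ed89ceb6980e6759d37fd2aa61cbb"},
    {"pid": 2872, "ppid": 1904, "image": CMD_IMAGE,
     "cmdline": r"C:\Windows\system32\cmd.exe /c " + DROPPED_EXE, "sha256": UNKNOWN_HASH},
    {"pid": 3032, "ppid": 2872, "image": temp_path(DROPPED_EXE),
     "cmdline": temp_path(DROPPED_EXE),
     "sha256": "1da250959dc41bc418db73493db079f05c8d7ac810299ba88d1df2bf1e4196cf"},
    # The report records no child for this relay, so the relay itself must be enough to flag.
    {"pid": 2492, "ppid": 3032, "image": CMD_IMAGE,
     "cmdline": r"C:\Windows\system32\cmd.exe /c 00.exe", "sha256": UNKNOWN_HASH},
]

# An .exe image under any user's local Temp directory.
TEMP_EXE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\.+\.exe$", re.I)
# cmd.exe invoked with /c; group 1 is the relayed target (quotes and path on cmd.exe optional).
CMD_RELAY_RE = re.compile(r'(?:^|\\)cmd\.exe"?\s+/c\s+(\S+)', re.I)


def ancestry(events, pid):
    """Return [pid, parent, grandparent, ...] for as long as the events cover the chain."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(pid)
        pid = by_pid[pid]["ppid"]
    return chain


def triage(events):
    """Map each flagged PID to a sorted list of reasons."""
    by_pid = {e["pid"]: e for e in events}
    findings = defaultdict(set)
    for e in events:
        if e["sha256"].lower() in KNOWN_BAD_SHA256:
            findings[e["pid"]].add("known_bad_sha256")
        if TEMP_EXE_RE.match(e["image"]):
            findings[e["pid"]].add("exe_in_user_temp")
        if CMD_RELAY_RE.search(e["cmdline"]):
            parent = by_pid.get(e["ppid"])
            # The relayed name is bare and resolves against the parent's working directory,
            # so the command line never mentions Temp: key off the parent image instead.
            if parent is not None and TEMP_EXE_RE.match(parent["image"]):
                findings[e["pid"]].add("cmd_relay_from_temp_exe")
    return {pid: sorted(reasons) for pid, reasons in findings.items()}


if __name__ == "__main__":
    for pid, reasons in sorted(triage(EVENTS).items()):
        chain = " <- ".join(str(p) for p in ancestry(EVENTS, pid))
        print(f"PID {pid}: {', '.join(reasons)}  (chain: {chain})")
```

The relay check keys off the parent image rather than the command line because cmd.exe is handed a bare filename that resolves against the parent's working directory, so a naive "command line contains Temp" rule misses both relays here; the last relay (to 00.exe) is flagged even though no child process appears in the tree, which is what you want when the target was absent or failed to start in the sandbox.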

Network

MITRE ATT&CK Matrix

Downloads

  • \Users\Admin\AppData\Local\Temp\[email protected]
    Filesize
    73KB
    MD5
    7ab0fdccc63ff4b737a113f6ecde5a68
    SHA1
    9301a3d3fe06361a8214cc349d9df8ce3cea15a8
    SHA256
    1da250959dc41bc418db73493db079f05c8d7ac810299ba88d1df2bf1e4196cf
    SHA512
    06340af1b8620feb46aa2eb394f8de3074cab744635e4ffde67323b3d1d94d03a660884b66efe1a62c7ae8152d1820ccc4d508b48a417e437a7bb347b2c7ee94
  • memory/1904-11-0x0000000000400000-0x0000000000419000-memory.dmp
    Filesize
    100KB
  • memory/3032-10-0x0000000000400000-0x0000000000419000-memory.dmp
    Filesize
    100KB