ebe849ea99a306232251a3e5ed4741bf5f0596a99712bc482582da830a00c61e

Analysis

max time kernel
143s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe
Size

61KB
MD5

4d0d90b64b2cd9f59cd387eaac4e4d80
SHA1

f277fda93f49c9866c99b63764789648692d103b
SHA256

ebe849ea99a306232251a3e5ed4741bf5f0596a99712bc482582da830a00c61e
SHA512

e6ba2fd562f367a4818df43a42a0806b33d54aeca19670b795099b48f3a8c2f8eea91e00cafba1f21edacc0c6ef869937d6e4e92f6f93f1f4049955c180d1bbf
SSDEEP

1536:Xttdse4OcUmWQIvEPZo6E5sEFd29NQgA2wHle5:fdse4OlQZo6EKEFdGM2Sle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2888	ewiuer2.exe
2844	ewiuer2.exe
576	ewiuer2.exe
1724	ewiuer2.exe

Loads dropped DLL 8 IoCs

pid	Process
1500	4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe
1500	4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe
2888	ewiuer2.exe
2888	ewiuer2.exe
2844	ewiuer2.exe
2844	ewiuer2.exe
576	ewiuer2.exe
576	ewiuer2.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\viesazm.mpk	ewiuer2.exe
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 2888	1500	4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe	28
PID 1500 wrote to memory of 2888	1500	4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe	28
PID 1500 wrote to memory of 2888	1500	4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe	28
PID 1500 wrote to memory of 2888	1500	4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe	28
PID 2888 wrote to memory of 2844	2888	ewiuer2.exe	32
PID 2888 wrote to memory of 2844	2888	ewiuer2.exe	32
PID 2888 wrote to memory of 2844	2888	ewiuer2.exe	32
PID 2888 wrote to memory of 2844	2888	ewiuer2.exe	32
PID 2844 wrote to memory of 576	2844	ewiuer2.exe	33
PID 2844 wrote to memory of 576	2844	ewiuer2.exe	33
PID 2844 wrote to memory of 576	2844	ewiuer2.exe	33
PID 2844 wrote to memory of 576	2844	ewiuer2.exe	33
PID 576 wrote to memory of 1724	576	ewiuer2.exe	35
PID 576 wrote to memory of 1724	576	ewiuer2.exe	35
PID 576 wrote to memory of 1724	576	ewiuer2.exe	35
PID 576 wrote to memory of 1724	576	ewiuer2.exe	35

C:\Users\Admin\AppData\Local\Temp\4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:576
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OQW31PIM.txt

Filesize
229B

MD5
c27dfd7f0a5fbe2b31b947e6a245d936

SHA1
1ebf2bb8cef1f756242f67e08e1f0c4de0065f44

SHA256
a69676680728511b6b6a79a3fb3ea3fe97a1465521060c8ae5990c7208856f3e

SHA512
dcc6d00a609fa8a2e38a0ae3f7100617dcbd74ceb0f9caf64bb637dbd2162209727b93ed92470f77ad9d347e7a60f5a719b92ad5228e9c6afc8714e7a71cfd10

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
cebc5963189aee360477cc7a32b5ea68

SHA1
bc302634db487f6192f6fb086a5d09ec652952a0

SHA256
e7fca7e0a07bda22574e462c4518e22301db2cbc1fdc3d04c4d268cadad7ab9f

SHA512
cd81e34e3588a056561a742a6c5d9f46a7bf0a419e2102e0a3e9c0803509169a3968eeda48b2a73598517f3fb621d2d3f0aee1616d84f06e7b06285fc852c653

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
27c56f6a513d60743255caa94f4024f5

SHA1
d0719c4cf75c5f5e2636db8a1b865fccf96bd4f7

SHA256
c74f28c5ca4f5281d2275b0532610b8ed5b382a683c856d9449711c3f7d66dec

SHA512
d1c2a768ce3cc18949fe4214ea84b5e944ea13e853dbc327c47692621c8d5f4464ce59060004f7d5daf33966df36813da0f31192d529530b99d0903e6a698fb6

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
a0f9b14fd886b7f6479e84440b83c963

SHA1
00f8f92bace5cce62042fc4a4e912a570fd54b76

SHA256
951060118298fdfd68fd6947b7a09a87fb28cb0af0c00934b8790e9029925861

SHA512
987b1b60bcb8f8eb9eb62c90f5a8aab9ef9b53e663844b2d8297865701a0a25b927097eca8aa007c224c36dbf0e4024fcd67b6d98a0ba30668586e98382cdb25

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
2ef20c7477170540e11d93471aed895d

SHA1
cd0978656850429d38fff9325fe067be24fb013f

SHA256
5e25f8b84130590a2ba0bc10755de27a0a0ce766c17a6f2d201f4fa34e4d3da1

SHA512
955524814ce03373d31e43963b96bb9fd81019a12acf499d3090e8b34778406d825b8d62e47e22a4e60e430f121ac9bf76976ea343cc5a29ae83647b5bbe9439

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads