ebe849ea99a306232251a3e5ed4741bf5f0596a99712bc482582da830a00c61e

General

Target

4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe
Size

61KB
MD5

4d0d90b64b2cd9f59cd387eaac4e4d80
SHA1

f277fda93f49c9866c99b63764789648692d103b
SHA256

ebe849ea99a306232251a3e5ed4741bf5f0596a99712bc482582da830a00c61e
SHA512

e6ba2fd562f367a4818df43a42a0806b33d54aeca19670b795099b48f3a8c2f8eea91e00cafba1f21edacc0c6ef869937d6e4e92f6f93f1f4049955c180d1bbf
SSDEEP

1536:Xttdse4OcUmWQIvEPZo6E5sEFd29NQgA2wHle5:fdse4OlQZo6EKEFdGM2Sle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2600	ewiuer2.exe
2056	ewiuer2.exe
2564	ewiuer2.exe
3712	ewiuer2.exe
2024	ewiuer2.exe
848	ewiuer2.exe
4296	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2600	1924	4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe	83
PID 1924 wrote to memory of 2600	1924	4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe	83
PID 1924 wrote to memory of 2600	1924	4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe	83
PID 2600 wrote to memory of 2056	2600	ewiuer2.exe	99
PID 2600 wrote to memory of 2056	2600	ewiuer2.exe	99
PID 2600 wrote to memory of 2056	2600	ewiuer2.exe	99
PID 2056 wrote to memory of 2564	2056	ewiuer2.exe	100
PID 2056 wrote to memory of 2564	2056	ewiuer2.exe	100
PID 2056 wrote to memory of 2564	2056	ewiuer2.exe	100
PID 2564 wrote to memory of 3712	2564	ewiuer2.exe	102
PID 2564 wrote to memory of 3712	2564	ewiuer2.exe	102
PID 2564 wrote to memory of 3712	2564	ewiuer2.exe	102
PID 3712 wrote to memory of 2024	3712	ewiuer2.exe	103
PID 3712 wrote to memory of 2024	3712	ewiuer2.exe	103
PID 3712 wrote to memory of 2024	3712	ewiuer2.exe	103
PID 2024 wrote to memory of 848	2024	ewiuer2.exe	110
PID 2024 wrote to memory of 848	2024	ewiuer2.exe	110
PID 2024 wrote to memory of 848	2024	ewiuer2.exe	110
PID 848 wrote to memory of 4296	848	ewiuer2.exe	111
PID 848 wrote to memory of 4296	848	ewiuer2.exe	111
PID 848 wrote to memory of 4296	848	ewiuer2.exe	111

C:\Users\Admin\AppData\Local\Temp\4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4d0d90b64b2cd9f59cd387eaac4e4d80_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2056
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2564
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3712
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2024
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:848
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:4296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
d16db6e889daa0d3492c08ca46eb3927

SHA1
746ac52829ec71ab8cbb75b74a2515b846b8aaf8

SHA256
70ff97be2626969b89f683facdd1f64252cb060f8967bd80ed9480de70b7f510

SHA512
25290738698f18f64679ec0710225d0c965c4751cf8bb1633af0442f88413cb0e9c0b753c5b61b5000cf5291a08dfaaff9bc16a8d0b333242790b0ce2f19a22d

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
3538ecc73d6db16377c0ca4c03a3c47f

SHA1
44105f91aef50794a2ce15f653615d85b474bdfc

SHA256
22ee1c7e48838002dad65dc20efbb4bacbcfa2829f86b8fed526c620aa659f81

SHA512
ad476b4c4963a70c7e7a4e4bd969ff58fef4dcac3580e02a3f04ca82aee1478fb69fc00a62220d04942e79e5a87a5343d6f50be871529b2844dd3ab9cb727ae3

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
cebc5963189aee360477cc7a32b5ea68

SHA1
bc302634db487f6192f6fb086a5d09ec652952a0

SHA256
e7fca7e0a07bda22574e462c4518e22301db2cbc1fdc3d04c4d268cadad7ab9f

SHA512
cd81e34e3588a056561a742a6c5d9f46a7bf0a419e2102e0a3e9c0803509169a3968eeda48b2a73598517f3fb621d2d3f0aee1616d84f06e7b06285fc852c653

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
ec8dd969b074e70a1c48b91114109ab8

SHA1
c9afa43132fca8a4c4f96352e2a5820342dc9ff8

SHA256
017e1ed10da04bbe568e6eb09f5a2f66a7dd293bda9c4bb0060458b1b21569d6

SHA512
8b31a01179ab41202854a68b7c6639cf3da6eccde3cc4ad7d5410a1107dea2d480d54f5f8f0ed1f0518b826f39076069754286179348669237d1e8e3a7684a1b

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
b93f16109f2c8e88f460c2f47da3579b

SHA1
38e1d5076334651a83b38f8d39d3aad246a5c495

SHA256
c5f132881fa05389cf4671282b3f479ce94423c1c456f3a71e2fb99368445fdc

SHA512
453c2a7880054a2e5c5017b136aa1ffabf9774572b0e2f0ae42226e417699ddd30d41ae0197beb796bbf538785f31a39aa93a534bd5cf54a17e721cf809327bf

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
d8c93b064c02b953640c110ed3e62407

SHA1
d2e1dbf8e0f4e839b97d99fd650f9ec286a75263

SHA256
0931cc6aea9f76f5f10dc35d95cb7f146fa51f440cb1e2e50170d146e846f429

SHA512
a505b513490c684859c8520a2120adc0b2aa5c3672a6c5b3f52744065cad9c6e78b37c1df38aebdc1edbcce152a288c411100dac75652a4419c1bbfce07a9840

Download Submit
C:\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
5e48a1a78297cc5831ad942b672963e1

SHA1
e6f7db57e50c92f66cc483a79ba36294b62ebb47

SHA256
ebe58e9b0e6a26bdd5b5c8cb9969aae57edab2cbcbb4fbf15c1ebac1c094e71c

SHA512
50f6ecdb6d086e3ac9b15cde8c12b776fa6fe08331ccbcfd084d69d4299ccbaeb6fdd567a9a6c06144c8b387f90cc0562ef953df34c55a44fd7d6a637df267a7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads