Analysis
- max time kernel: 121s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 29/05/2024, 09:31
Static task: static1
Behavioral task: behavioral1
  Sample: 4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe
  Resource: win10v2004-20240426-en
General
- Target: 4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe
- Size: 79KB
- MD5: 4f4381e6ea6c57f2033c5107d6bd26e0
- SHA1: d4d809525f89a3ee2a01fa7eb6888650575a0a0d
- SHA256: d0a05aba4362b8aa90bba5d811b8a444d821a4f2148d58238ad89a2dad32e56b
- SHA512: 4eff9b014978602059585bf6d24d45389a15faa4207fb5999259ac45e7ef012db77128a25046530af2126e3fdc1c0593bb0b6476cfdbf417ae7a0358902996a7
- SSDEEP: 1536:zvANfA7voIfaFOQA8AkqUhMb2nuy5wgIP0CSJ+5yuB8GMGlZ5G:zvANfvi9GdqU7uy5w9WMyuN5G
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  2088  [email protected]
- Loads dropped DLL (2 IoCs)
  pid   Process
  1160  cmd.exe
  1160  cmd.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  description                        pid   Process                                              procid_target
  PID 3056 wrote to memory of 1160   3056  4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe  29
  PID 3056 wrote to memory of 1160   3056  4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe  29
  PID 3056 wrote to memory of 1160   3056  4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe  29
  PID 3056 wrote to memory of 1160   3056  4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe  29
  PID 1160 wrote to memory of 2088   1160  cmd.exe                                              30
  PID 1160 wrote to memory of 2088   1160  cmd.exe                                              30
  PID 1160 wrote to memory of 2088   1160  cmd.exe                                              30
  PID 1160 wrote to memory of 2088   1160  cmd.exe                                              30
Processes
- C:\Users\Admin\AppData\Local\Temp\4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe"
  Signatures: Suspicious use of WriteProcessMemory
  PID: 3056
  - C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c [email protected]
    Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
    PID: 1160
    - C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 2088
Network
MITRE ATT&CK Matrix
Downloads
- \Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 72b32038a4d00e71370597a4ebf3bad5
  SHA1: 27579f7a38c521c1211765c4e26e5c4bc4f4ee4d
  SHA256: 650792fafcac1dc48c189298a86ea2e57a8334262a8ad3cba067a89fd3817c74
  SHA512: 87f74e0c69ed0dd18e41e78bce624d1f2de41de49407420a9f3a41eb0ca65bf0d6880105544b97eac85c451a0228402953378d1b6d7de2df19852a2ae1f52550