Analysis

max time kernel: 93s
max time network: 96s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 09:31

Static task: static1

Behavioral task: behavioral1
  Sample: 4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe
  Resource: win10v2004-20240426-en
General

Target: 4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe
Size: 79KB
MD5: 4f4381e6ea6c57f2033c5107d6bd26e0
SHA1: d4d809525f89a3ee2a01fa7eb6888650575a0a0d
SHA256: d0a05aba4362b8aa90bba5d811b8a444d821a4f2148d58238ad89a2dad32e56b
SHA512: 4eff9b014978602059585bf6d24d45389a15faa4207fb5999259ac45e7ef012db77128a25046530af2126e3fdc1c0593bb0b6476cfdbf417ae7a0358902996a7
SSDEEP: 1536:zvANfA7voIfaFOQA8AkqUhMb2nuy5wgIP0CSJ+5yuB8GMGlZ5G:zvANfvi9GdqU7uy5w9WMyuN5G
Malware Config

Signatures

Executes dropped EXE (1 IoC)
  pid   Process
  2836  [email protected]

Suspicious use of WriteProcessMemory (6 IoCs)
  description                          pid   Process                                              procid_target
  PID 388 wrote to memory of 3744      388   4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe  82
  PID 388 wrote to memory of 3744      388   4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe  82
  PID 388 wrote to memory of 3744      388   4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe  82
  PID 3744 wrote to memory of 2836     3744  cmd.exe                                              83
  PID 3744 wrote to memory of 2836     3744  cmd.exe                                              83
  PID 3744 wrote to memory of 2836     3744  cmd.exe                                              83
Processes

1. C:\Users\Admin\AppData\Local\Temp\4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4f4381e6ea6c57f2033c5107d6bd26e0_NeikiAnalytics.exe"
   PID: 388
   Signature: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      PID: 3744
      3. C:\Users\Admin\AppData\Local\Temp\[email protected]
         PID: 2836
Network
Downloads

C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 72b32038a4d00e71370597a4ebf3bad5
  SHA1: 27579f7a38c521c1211765c4e26e5c4bc4f4ee4d
  SHA256: 650792fafcac1dc48c189298a86ea2e57a8334262a8ad3cba067a89fd3817c74
  SHA512: 87f74e0c69ed0dd18e41e78bce624d1f2de41de49407420a9f3a41eb0ca65bf0d6880105544b97eac85c451a0228402953378d1b6d7de2df19852a2ae1f52550