Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 29/05/2024, 09:31
Static task: static1
Behavioral task: behavioral1
  Sample: 4f498141dfd911dc2874ce71c3323110_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 4f498141dfd911dc2874ce71c3323110_NeikiAnalytics.exe
  Resource: win10v2004-20240426-en
General
Target: 4f498141dfd911dc2874ce71c3323110_NeikiAnalytics.exe
Size: 79KB
MD5: 4f498141dfd911dc2874ce71c3323110
SHA1: 609a3da2b9afa1e704309f0cd42ad14666c56de4
SHA256: b051f60547cea64be227093ddf6ef96e5d7e1647b9a530b19977ab01ae285576
SHA512: fcec685d662383460a9b595a22b10e2c2acce0ed5d94ce9b7ffd45263e5e5deb028a6701123e72e2516f09d63fadcf5cfe129544e92c7bb487c6ffb97ab84364
SSDEEP: 1536:zv3JmHlv340W6OQA8AkqUhMb2nuy5wgIP0CSJ+5yWB8GMGlZ5G:zvZmHlvfWPGdqU7uy5w9WMyWN5G
Malware Config
(none extracted)

Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  2956  [email protected]

Loads dropped DLL (2 IoCs)
  pid   Process
  2200  cmd.exe
  2200  cmd.exe

Suspicious use of WriteProcessMemory (8 IoCs)
  description                        pid   Process                                               procid_target
  PID 2936 wrote to memory of 2200   2936  4f498141dfd911dc2874ce71c3323110_NeikiAnalytics.exe   29
  PID 2936 wrote to memory of 2200   2936  4f498141dfd911dc2874ce71c3323110_NeikiAnalytics.exe   29
  PID 2936 wrote to memory of 2200   2936  4f498141dfd911dc2874ce71c3323110_NeikiAnalytics.exe   29
  PID 2936 wrote to memory of 2200   2936  4f498141dfd911dc2874ce71c3323110_NeikiAnalytics.exe   29
  PID 2200 wrote to memory of 2956   2200  cmd.exe                                               30
  PID 2200 wrote to memory of 2956   2200  cmd.exe                                               30
  PID 2200 wrote to memory of 2956   2200  cmd.exe                                               30
  PID 2200 wrote to memory of 2956   2200  cmd.exe                                               30
Processes
1. C:\Users\Admin\AppData\Local\Temp\4f498141dfd911dc2874ce71c3323110_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4f498141dfd911dc2874ce71c3323110_NeikiAnalytics.exe"
   - Suspicious use of WriteProcessMemory
   PID: 2936
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c [email protected]
      - Loads dropped DLL
      - Suspicious use of WriteProcessMemory
      PID: 2200
      3. C:\Users\Admin\AppData\Local\Temp\[email protected]
         PID: 2956
Network
MITRE ATT&CK Matrix
Downloads
\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 19f89070fc678018e8ebdbceab44eeb4
  SHA1: aab437e4898d9656725d21516cb0fe98cca900b5
  SHA256: b40c457ecc11d441b1abf70aac92fc8824396dfb68c87e20775ee9889e3d2e43
  SHA512: d1af248021d4dbf59caf372fe9dde0a035c298993aa5620ed86714608835ce4ea2440a4b0be3042e6555df0d7ec40d2d62249c7185f173331ef3ae62469f9b51