Analysis
- max time kernel: 90s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-05-2024 12:06
Static task: static1
Behavioral task: behavioral1
- Sample: 52cbeed1a3b02933f786dc2045f22fa0_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 52cbeed1a3b02933f786dc2045f22fa0_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
General
- Target: 52cbeed1a3b02933f786dc2045f22fa0_NeikiAnalytics.exe
- Size: 79KB
- MD5: 52cbeed1a3b02933f786dc2045f22fa0
- SHA1: 097bfc00f7146c974cf65f5d70c026ce717be2de
- SHA256: 285cb008debc972f7787f0463967c5a149cbe156b6e0d1c5e22015cc34a1bf7a
- SHA512: 2e174bc3fd6bd5941e43fe22800ca98f13989f31b8bd032abaae888b12152391d7d9779a43f777708eff7641fa7ff6b3563303767240d19c0456651a2b77a950
- SSDEEP: 1536:zv66mWLYKn8V5JOQA8AkqUhMb2nuy5wgIP0CSJ+5y7B8GMGlZ5G:zv6PsoIGdqU7uy5w9WMy7N5G
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid | Process
  2664 | [email protected]
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 2216 wrote to memory of 3692 | 2216 | 52cbeed1a3b02933f786dc2045f22fa0_NeikiAnalytics.exe | 85
  PID 2216 wrote to memory of 3692 | 2216 | 52cbeed1a3b02933f786dc2045f22fa0_NeikiAnalytics.exe | 85
  PID 2216 wrote to memory of 3692 | 2216 | 52cbeed1a3b02933f786dc2045f22fa0_NeikiAnalytics.exe | 85
  PID 3692 wrote to memory of 2664 | 3692 | cmd.exe | 86
  PID 3692 wrote to memory of 2664 | 3692 | cmd.exe | 86
  PID 3692 wrote to memory of 2664 | 3692 | cmd.exe | 86
Processes
- C:\Users\Admin\AppData\Local\Temp\52cbeed1a3b02933f786dc2045f22fa0_NeikiAnalytics.exe
  "C:\Users\Admin\AppData\Local\Temp\52cbeed1a3b02933f786dc2045f22fa0_NeikiAnalytics.exe"
  PID:2216
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    PID:3692
    - C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID:2664
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  - Filesize: 79KB
  - MD5: 8fb988bcd66b1cf5d54d196ff466dacd
  - SHA1: 8cda81b2e4e68f41d9337cbd3c32a179da5f2039
  - SHA256: 7f7dc91386c03e8b1fade744ba312635b9d14f2ceee11528cd0c80e3b340c91e
  - SHA512: f1d93b24eb9e17c2e23b7b3dca3e92b52314d1e1136d20a605cc5f03de4c0d2905aae7e53adb8efd4af2662f2e12cabcf7f2b18fb65f88207e14f9b6e2685d9e