7cda6cffe0ab7a11d7b37b4e56957665a616b5077d95af6258a06a21d03f2a0a

Analysis

max time kernel
150s
max time network
156s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5da73345dbfedae015d137f5e9d2d6e0_NeikiAnalytics.exe
Size

78KB
MD5

5da73345dbfedae015d137f5e9d2d6e0
SHA1

6694b64a2d3a73ceea64903e7eea26ba81a71b59
SHA256

7cda6cffe0ab7a11d7b37b4e56957665a616b5077d95af6258a06a21d03f2a0a
SHA512

faba363c0ec40a1c502abd16efd4b32e99b0978974defb5aa7fd7c6fd7affc936c1e9e90f1ec03f197553f9fab882e88cc38130f1a7c74ee32d469c57d43b88f
SSDEEP

1536:ZzFbxmLPWQMOtEvwDpj386Sj/WprgJN6tZdOyJ3KUe:ZVxkGOtEvwDpjcaC

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3056	misid.exe

Loads dropped DLL 1 IoCs

pid	Process
2980	5da73345dbfedae015d137f5e9d2d6e0_NeikiAnalytics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 3056	2980	5da73345dbfedae015d137f5e9d2d6e0_NeikiAnalytics.exe	28
PID 2980 wrote to memory of 3056	2980	5da73345dbfedae015d137f5e9d2d6e0_NeikiAnalytics.exe	28
PID 2980 wrote to memory of 3056	2980	5da73345dbfedae015d137f5e9d2d6e0_NeikiAnalytics.exe	28
PID 2980 wrote to memory of 3056	2980	5da73345dbfedae015d137f5e9d2d6e0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\5da73345dbfedae015d137f5e9d2d6e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5da73345dbfedae015d137f5e9d2d6e0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Users\Admin\AppData\Local\Temp\misid.exe
  "C:\Users\Admin\AppData\Local\Temp\misid.exe"
  2⤵
  - Executes dropped EXE
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\misid.exe

Filesize
78KB

MD5
f85579b268a3572c683a3a6ed5a0e333

SHA1
292e6d8fe462347ee8d12195bb694d27907a6c24

SHA256
7a32141be2698ef310b5a01e4c89d22dcfc4bb28187fd9d90e76da07c51303c6

SHA512
27f0cd44cb79bbe52ec8c2e08b01b74464cc51d2454ce9af53072259af0c7f3a8211439a1db1cdae4aab495f409dceeb3c57d1ec8f511e504257c61dd50dae7d

Download Submit
memory/2980-0-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2980-1-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/2980-9-0x0000000000240000-0x0000000000246000-memory.dmp

Filesize
24KB

Download
memory/2980-8-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download
memory/3056-16-0x0000000000460000-0x0000000000466000-memory.dmp

Filesize
24KB

Download
memory/3056-24-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/3056-23-0x0000000000230000-0x00000000002B0000-memory.dmp

Filesize
512KB

Download
memory/3056-25-0x0000000000230000-0x00000000002B0000-memory.dmp

Filesize
512KB

Download