Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 30/05/2024, 01:23
Static task
static1
Behavioral task
behavioral1
Sample
5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
General
-
Target
5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe
-
Size
79KB
-
MD5
5e8838ea6dd246ad8b2b776460162e00
-
SHA1
3e0b80508146eca32e2d9590d06c8df6e2e99c81
-
SHA256
5269411eb462e9a6ff4e114f6802adbe0f2d0acb8aca5b2fc8fd051524d7dab5
-
SHA512
abdfb65637268f5eb6bc81b4807acefb080a12a479549120fed59209cad46e802cf858995fe5b0c41623a04eddc84b13437b17748d82e0d596d0e7dd2a152299
-
SSDEEP
1536:zvIqTisupYrVjLZhkpkxOQA8AkqUhMb2nuy5wgIP0CSJ+5yfB8GMGlZ5G:zvIqJxLnsGdqU7uy5w9WMyfN5G
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  2632  [email protected]
- Loads dropped DLL (2 IoCs)
  pid   Process
  1708  cmd.exe
  1708  cmd.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  description                       pid   Process                                              procid_target
  PID 2872 wrote to memory of 1708  2872  5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe  29   (same row logged 4 times)
  PID 1708 wrote to memory of 2632  1708  cmd.exe                                              30   (same row logged 4 times)
Processes
- C:\Users\Admin\AppData\Local\Temp\5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2872
  - C:\Windows\SysWOW64\cmd.exe (depth 2)
    Command line: C:\Windows\system32\cmd.exe /c [email protected]
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID: 1708
    - C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 2632

Note on the chain: the sample asks for C:\Windows\system32\cmd.exe but the image that loads is C:\Windows\SysWOW64\cmd.exe. That is WoW64 file-system redirection for a 32-bit process on the x64 guest, not a tampered path. cmd.exe is given the dropped file by bare name, and it resolves in the sample's own directory under %TEMP%, which is where the third process starts.
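The parent/child chain under Processes, and the WriteProcessMemory rows under Signatures that it is derived from, can be rebuilt mechanically from the report text. The Python below is an added example written for this page, not tooling from the sandbox: it parses the report's own rows (embedded here as constructed input), de-duplicates the repeated parent/child events, walks every root-to-leaf chain and flags the drop-and-execute pattern (executable in a user-writable directory launches cmd.exe /c, which launches a different executable in a user-writable directory). The list of user-writable directories, the pattern rule and the WoW64 check are this example's own assumptions, and the dropped file's name is kept exactly as the page renders it.

```python
"""Rebuild the process chain from a sandbox report's 'wrote to memory of'
rows and flag drop-and-execute. Added example for this page; it is not
the sandbox's own code."""
import re
from collections import defaultdict

# Constructed input: rows copied from the report's WriteProcessMemory
# table. The sandbox logs the same parent/child pair several times, so
# the parser has to de-duplicate before building the tree.
WPM_ROWS = [
    "PID 2872 wrote to memory of 1708 2872 5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe 29",
    "PID 2872 wrote to memory of 1708 2872 5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe 29",
    "PID 2872 wrote to memory of 1708 2872 5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe 29",
    "PID 2872 wrote to memory of 1708 2872 5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe 29",
    "PID 1708 wrote to memory of 2632 1708 cmd.exe 30",
    "PID 1708 wrote to memory of 2632 1708 cmd.exe 30",
    "PID 1708 wrote to memory of 2632 1708 cmd.exe 30",
    "PID 1708 wrote to memory of 2632 1708 cmd.exe 30",
]

# (image path, command line) per PID, from the report's process tree.
# "[email protected]" is how the page renders the dropped file's name
# (an extraction placeholder); it is kept verbatim here.
PROCESSES = {
    2872: (r"C:\Users\Admin\AppData\Local\Temp\5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe",
           r'"C:\Users\Admin\AppData\Local\Temp\5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe"'),
    1708: (r"C:\Windows\SysWOW64\cmd.exe",
           r"C:\Windows\system32\cmd.exe /c [email protected]"),
    2632: (r"C:\Users\Admin\AppData\Local\Temp\[email protected]",
           r"C:\Users\Admin\AppData\Local\Temp\[email protected]"),
}

ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \d+ (.+?) (\d+)$")
# Assumption: directories a low-privilege user can write to (lower-case).
USER_WRITABLE = ("\\appdata\\local\\temp\\",)


def parse_rows(rows):
    """Unique (parent_pid, child_pid, parent_image, target_id) tuples."""
    edges = set()
    for row in rows:
        m = ROW_RE.match(row.strip())
        if not m:
            raise ValueError(f"unrecognised row: {row!r}")
        parent, child, image, target = m.groups()
        edges.add((int(parent), int(child), image, int(target)))
    return edges


def build_tree(edges):
    """parent pid -> sorted list of child pids."""
    tree = defaultdict(list)
    for parent, child, _, _ in edges:
        tree[parent].append(child)
    return {p: sorted(c) for p, c in tree.items()}


def roots(tree):
    """Pids that appear as parents but never as children."""
    children = {c for cs in tree.values() for c in cs}
    return sorted(p for p in tree if p not in children)


def chains(tree, pid):
    """Every root-to-leaf path starting at pid, as a list of pids."""
    if pid not in tree:
        return [[pid]]
    return [[pid] + tail for child in tree[pid] for tail in chains(tree, child)]


def in_user_writable(path):
    low = path.lower()
    return any(d in low for d in USER_WRITABLE)


def wow64_redirected(image, cmdline):
    """True when the command line names system32 but the loaded image is
    from SysWOW64: WoW64 file-system redirection, expected for a 32-bit
    process on a 64-bit guest rather than a tampered path."""
    return "\\syswow64\\" in image.lower() and "\\system32\\" in cmdline.lower()


def drop_and_execute(chain, processes):
    """Return the leaf image if chain is: root in a user-writable dir ->
    (any) cmd.exe /c -> a different executable in a user-writable dir."""
    if len(chain) < 3:
        return None
    root_image, _ = processes[chain[0]]
    leaf_image, _ = processes[chain[-1]]
    via_cmd = any(img.lower().endswith("\\cmd.exe") and " /c " in f" {cmd.lower()} "
                  for img, cmd in (processes[p] for p in chain[1:-1]))
    if (in_user_writable(root_image) and via_cmd and in_user_writable(leaf_image)
            and leaf_image.lower() != root_image.lower()):
        return leaf_image
    return None


def analyse(rows=WPM_ROWS, processes=PROCESSES):
    """(unique edge count, tree, [(chain, flagged leaf image), ...])."""
    edges = parse_rows(rows)
    tree = build_tree(edges)
    findings = [(chain, hit) for root in roots(tree)
                for chain in chains(tree, root)
                if (hit := drop_and_execute(chain, processes))]
    return len(edges), tree, findings


if __name__ == "__main__":
    n_edges, tree, findings = analyse()
    print(f"{n_edges} unique parent/child edges, tree={tree}")
    for chain, leaf in findings:
        print("drop-and-execute:", " -> ".join(map(str, chain)), "=>", leaf)
    for pid, (img, cmd) in PROCESSES.items():
        if wow64_redirected(img, cmd):
            print(f"PID {pid}: WoW64-redirected image {img}")
```

Against this report the eight logged rows collapse to two edges, the only chain is 2872 -> 1708 -> 2632, and it is flagged because the leaf is a different 79KB file in the same %TEMP% directory as the sample; cmd.exe (PID 1708) is reported as WoW64-redirected rather than as an anomalous image path.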
Network
MITRE ATT&CK Matrix
Downloads
-
\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 4f711b6896dbf8d7971b6bfe946a1908
  SHA1: 596ae4e6c088b1da07d3ab65f7442e01e6b7a341
  SHA256: 82d724d1908e7b500c871f968f5458e65fa4400a6bd022423802f0feda210c17
  SHA512: a01c4c7bd6f47ab39ab88cba092d05e9f2497ed896e89c437631a8e32ddf97516b690cb963db078ed2a56074769016c683ef9767fd862e60eff509ca60301274