Analysis
- max time kernel: 141s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/05/2024, 01:23
Static task: static1

Behavioral task: behavioral1
- Sample: 5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe
- Resource: win10v2004-20240226-en
General
- Target: 5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe
- Size: 79KB
- MD5: 5e8838ea6dd246ad8b2b776460162e00
- SHA1: 3e0b80508146eca32e2d9590d06c8df6e2e99c81
- SHA256: 5269411eb462e9a6ff4e114f6802adbe0f2d0acb8aca5b2fc8fd051524d7dab5
- SHA512: abdfb65637268f5eb6bc81b4807acefb080a12a479549120fed59209cad46e802cf858995fe5b0c41623a04eddc84b13437b17748d82e0d596d0e7dd2a152299
- SSDEEP: 1536:zvIqTisupYrVjLZhkpkxOQA8AkqUhMb2nuy5wgIP0CSJ+5yfB8GMGlZ5G:zvIqJxLnsGdqU7uy5w9WMyfN5G
Malware Config
(none)

Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  1264 | [email protected]

- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 1188 wrote to memory of 4268 | 1188 | 5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe | 90
  PID 1188 wrote to memory of 4268 | 1188 | 5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe | 90
  PID 1188 wrote to memory of 4268 | 1188 | 5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe | 90
  PID 4268 wrote to memory of 1264 | 4268 | cmd.exe | 91
  PID 4268 wrote to memory of 1264 | 4268 | cmd.exe | 91
  PID 4268 wrote to memory of 1264 | 4268 | cmd.exe | 91
Processes
- C:\Users\Admin\AppData\Local\Temp\5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5e8838ea6dd246ad8b2b776460162e00_NeikiAnalytics.exe"
  PID: 1188
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    PID: 4268
    - C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 1264

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
  PID: 2624
Network
(none recorded)

MITRE ATT&CK Matrix
(none recorded)
Downloads
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 4f711b6896dbf8d7971b6bfe946a1908
  SHA1: 596ae4e6c088b1da07d3ab65f7442e01e6b7a341
  SHA256: 82d724d1908e7b500c871f968f5458e65fa4400a6bd022423802f0feda210c17
  SHA512: a01c4c7bd6f47ab39ab88cba092d05e9f2497ed896e89c437631a8e32ddf97516b690cb963db078ed2a56074769016c683ef9767fd862e60eff509ca60301274