Analysis

  • max time kernel
    25s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/05/2024, 03:18

General

  • Target
    622c8369db8a01f26211f0ed1dbdff40_NeikiAnalytics.exe
  • Size
    526KB
  • MD5
    622c8369db8a01f26211f0ed1dbdff40
  • SHA1
    a89024b56e9a2c54943029b1c521488610456ffa
  • SHA256
    6dd74d5085684992d5d3bbcef51fd2a5d3d95b6ca6a1bb28118f1d1d2fbc59be
  • SHA512
    ef1a92949706eb1e1c4cc1eea41048b4aecbde0ffb7353b63eda5f6ca7a5ad11b82bcea4a92d3bd00fcf8238f3a6fba5e834f6b6ce7c8870c59d584e85b7d81e
  • SSDEEP
    6144:m51+E/sojz1gL5pRTMTTjMkId/BynSx7dEe6XwzRaktNP08NhKs39zo43fTtl1fy:m51xB1gL5pRTcAkS/3hzN8qE43fm78VO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\622c8369db8a01f26211f0ed1dbdff40_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\622c8369db8a01f26211f0ed1dbdff40_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\WINDOWS\MSWDM.EXE
      "C:\WINDOWS\MSWDM.EXE"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:4740
    • C:\WINDOWS\MSWDM.EXE
      -r!C:\Windows\dev4621.tmp!C:\Users\Admin\AppData\Local\Temp\622c8369db8a01f26211f0ed1dbdff40_NeikiAnalytics.exe! !
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4444
      • C:\Users\Admin\AppData\Local\Temp\622C8369DB8A01F26211F0ED1DBDFF40_NEIKIANALYTICS.EXE
        3⤵
        • Executes dropped EXE
        PID:4688
      • C:\WINDOWS\MSWDM.EXE
        -e!C:\Windows\dev4621.tmp!C:\Users\Admin\AppData\Local\Temp\622C8369DB8A01F26211F0ED1DBDFF40_NEIKIANALYTICS.EXE!
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:2300

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\622C8369DB8A01F26211F0ED1DBDFF40_NEIKIANALYTICS.EXE
    Filesize: 526KB
    MD5: 9d7de27bda1a242a9755f31e21dfef66
    SHA1: b5f5fdc0ea0d812f7b5939510fe7b94d539558c7
    SHA256: 1cb5d2b4f4d297ddbfe202fba7fbdfd5a9a3d3fe32191d15c374fe709cfb07b9
    SHA512: e73046477d8122c7286c81154f1601b9d039bd1928e167f54edf079d6b600715169483b6a82014a2499534b8f97ea8f914b2fc6c45bf4fcd57a521b48c249177
  • C:\Windows\MSWDM.EXE
    Filesize: 68KB
    MD5: 180e4c78357e878a54b0192729fccde4
    SHA1: d1568bf7a6c0e4641893c28397275f1070d4e3bf
    SHA256: 3c25898116142ddf4ee2abcab7cc853e4bf2ac4db48e43514f0856d6f35e8adb
    SHA512: 9b629870fd5c3377f841df3e2089b71a95b6aacb2bd062e32746fd54d2668ec2e85a01942e93867ac32e890cd73500829caa19a79fa96082fdac72966899664d
  • C:\Windows\dev4621.tmp
    Filesize: 458KB
    MD5: 619f7135621b50fd1900ff24aade1524
    SHA1: 6c7ea8bbd435163ae3945cbef30ef6b9872a4591
    SHA256: 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2
    SHA512: 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628
  • memory/2156-0-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize: 84KB
  • memory/2156-8-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize: 84KB
  • memory/2300-19-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize: 84KB
  • memory/4444-10-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize: 84KB
  • memory/4444-21-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize: 84KB
  • memory/4740-9-0x0000000000400000-0x0000000000415000-memory.dmp
    Filesize: 84KB