Analysis

Max time kernel: 22s
Max time network: 145s
Platform: windows10-2004_x64
Resource: win10v2004-20240508-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 31/05/2024, 22:25
Static task: static1

Behavioral task: behavioral1
Sample: 823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: 823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General

Target: 823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe
Size: 548KB
MD5: 823315a7ec0c3ce4f9ebf6b173685e60
SHA1: 3081c762ee6afa7486ebc67d21172f666804f7e3
SHA256: 3dd195376379b17b924ac8393072772a017c0c16521717e9057aeaf1dc55ca14
SHA512: 2d72ab8a0b4b572cb01dacb3df477507bc7bc948e88472efb8dfa6b9e54a897a8a84d38c21af920faea92e30b2365cfa54b1c889d2f62a85d41fd6603c336cc9
SSDEEP: 12288:wlbd+01gL5pRTcAkS/3hzN8qE43fm78Vy:Wbd+R5jcAkSYqyEy
Malware Config
Signatures
-
Executes dropped EXE (4 IoCs)
  PID 1656  MSWDM.EXE
  PID 3480  MSWDM.EXE
  PID 2136  823315A7EC0C3CE4F9EBF6B173685E60_NEIKIANALYTICS.EXE
  PID 2208  MSWDM.EXE

Adds Run key to start application (2 TTPs, 4 IoCs)
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WDM = "MSWDM.EXE"  823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\WDM = "MSWDM.EXE"  823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WDM = "MSWDM.EXE"  MSWDM.EXE
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\WDM = "MSWDM.EXE"  MSWDM.EXE

Drops file in Windows directory (3 IoCs)
  File created                C:\WINDOWS\MSWDM.EXE    823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe
  File opened for modification  C:\Windows\dev4611.tmp  823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe
  File opened for modification  C:\Windows\dev4611.tmp  MSWDM.EXE

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  PID 3480  MSWDM.EXE
  PID 3480  MSWDM.EXE

Suspicious use of WriteProcessMemory (11 IoCs)
  PID 4116 wrote to memory of 1656  823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe  target 82
  PID 4116 wrote to memory of 1656  823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe  target 82
  PID 4116 wrote to memory of 1656  823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe  target 82
  PID 4116 wrote to memory of 3480  823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe  target 83
  PID 4116 wrote to memory of 3480  823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe  target 83
  PID 4116 wrote to memory of 3480  823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe  target 83
  PID 3480 wrote to memory of 2136  MSWDM.EXE  target 84
  PID 3480 wrote to memory of 2136  MSWDM.EXE  target 84
  PID 3480 wrote to memory of 2208  MSWDM.EXE  target 86
  PID 3480 wrote to memory of 2208  MSWDM.EXE  target 86
  PID 3480 wrote to memory of 2208  MSWDM.EXE  target 86
Processes

C:\Users\Admin\AppData\Local\Temp\823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe  (PID 4116)
  Command line: "C:\Users\Admin\AppData\Local\Temp\823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe"
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory

  C:\WINDOWS\MSWDM.EXE  (PID 1656)
    Command line: "C:\WINDOWS\MSWDM.EXE"
    - Executes dropped EXE
    - Adds Run key to start application

  C:\WINDOWS\MSWDM.EXE  (PID 3480)
    Command line: -r!C:\Windows\dev4611.tmp!C:\Users\Admin\AppData\Local\Temp\823315a7ec0c3ce4f9ebf6b173685e60_NeikiAnalytics.exe! !
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Local\Temp\823315A7EC0C3CE4F9EBF6B173685E60_NEIKIANALYTICS.EXE  (PID 2136)
      - Executes dropped EXE

    C:\WINDOWS\MSWDM.EXE  (PID 2208)
      Command line: -e!C:\Windows\dev4611.tmp!C:\Users\Admin\AppData\Local\Temp\823315A7EC0C3CE4F9EBF6B173685E60_NEIKIANALYTICS.EXE!
      - Executes dropped EXE
      - Drops file in Windows directory
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 548KB
MD5: 150632f6084943205bd9f1e3edb2bf4d
SHA1: 2531999c6b5e0f86492df09d1ac9deae2adcabfc
SHA256: ce266578e530304e3379580bcfb790cf39bc6ac6ef634986a335b9deb250da17
SHA512: 59109755577d830253aee19cd74f93d386a1ae22e5ee8de21844f3eb31d3cd3f3672adcfb88cacee574ac798733908504c62f0b8341350281afae80a07d2d55c

Filesize: 90KB
MD5: 8f2d28e86da4e46fc37522f9015ebdbc
SHA1: 8523897a7511249a248565fdbee289196f7b2866
SHA256: b9bcc3b92f2d29bdf6bbd7a1caf5ef4b1ad668f264f6d5019f9f05fad25ae240
SHA512: bb04eb0e480fbe02fde3cf17defb774c9d9b5bcaf23bed81fcdb1ddfe4f9bcce7d77093965fe1752e696632a2c0fde8fb7d9ad0e63271ee1e7beb1cf4ff510a8

Filesize: 458KB
MD5: 619f7135621b50fd1900ff24aade1524
SHA1: 6c7ea8bbd435163ae3945cbef30ef6b9872a4591
SHA256: 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2
SHA512: 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628