Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024 (2 June 2024, day/month/year), 22:36

General

  • Target

    78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe

  • Size

    65KB

  • MD5

    78212682e8630cff3380ba7684d296d0

  • SHA1

    879f0ceed063ec2d6cd59ac0b1d61e70270c508e

  • SHA256

    1edd34321d435b4e30564f4cc801647385ffeb15f5f027f94cd946671acaad82

  • SHA512

    2489d1629a1d52599c030853fc0824dffaa26927314e17b40a28090eb44051377b21e29ada9f570008e4b581a454c3ebc29288089a3e0a91c76aeb2a31cda265

  • SSDEEP

    768:heQIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uAS:h9IvEPZo6Ead29NQgA2wQle56

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (7 IoCs)
  • Loads dropped DLL (14 IoCs)
  • Drops file in System32 directory (3 IoCs)
  • Suspicious use of WriteProcessMemory (28 IoCs)

Processes

Note on the paths below: every process launched from the system directory has a command line naming C:\Windows\System32\ewiuer2.exe, yet its image runs from C:\Windows\SysWOW64. The sample is a 32-bit process (resource tag arch:x86, image base 0x400000) on a 64-bit Windows 7 image, so WOW64 file-system redirection silently maps its System32 writes and launches to SysWOW64. When hunting on a host, look under SysWOW64, and note that each dropped copy of ewiuer2.exe listed under Downloads carries a different hash, so the file path and the alternating Roaming/SysWOW64 relaunch pattern are the durable indicators, not the per-copy hashes.

  • [depth 1] C:\Users\Admin\AppData\Local\Temp\78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe"
    PID: 2156
    Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
    • [depth 2] C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      Command line: C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      PID: 2272
      Signatures: Executes dropped EXE; Loads dropped DLL; Drops file in System32 directory; Suspicious use of WriteProcessMemory
      • [depth 3] C:\Windows\SysWOW64\ewiuer2.exe
        Command line: C:\Windows\System32\ewiuer2.exe
        PID: 2464
        Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
        • [depth 4] C:\Users\Admin\AppData\Roaming\ewiuer2.exe
          Command line: C:\Users\Admin\AppData\Roaming\ewiuer2.exe
          PID: 1020
          Signatures: Executes dropped EXE; Loads dropped DLL; Drops file in System32 directory; Suspicious use of WriteProcessMemory
          • [depth 5] C:\Windows\SysWOW64\ewiuer2.exe
            Command line: C:\Windows\System32\ewiuer2.exe
            PID: 840
            Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
            • [depth 6] C:\Users\Admin\AppData\Roaming\ewiuer2.exe
              Command line: C:\Users\Admin\AppData\Roaming\ewiuer2.exe
              PID: 2108
              Signatures: Executes dropped EXE; Loads dropped DLL; Drops file in System32 directory; Suspicious use of WriteProcessMemory
              • [depth 7] C:\Windows\SysWOW64\ewiuer2.exe
                Command line: C:\Windows\System32\ewiuer2.exe
                PID: 1804
                Signatures: Executes dropped EXE; Loads dropped DLL; Suspicious use of WriteProcessMemory
                • [depth 8] C:\Users\Admin\AppData\Roaming\ewiuer2.exe
                  Command line: C:\Users\Admin\AppData\Roaming\ewiuer2.exe
                  PID: 788
                  Signatures: Executes dropped EXE
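The process tree above is a self-relay: the same binary name re-executes itself while hopping between the user's Roaming profile and the system directory, and (per the Downloads section that follows) every dropped copy has a different hash. The script below is an added example written for this page, not code from the sandbox vendor or from the sample; it transcribes the PIDs, paths and SHA256 values from this report into constructed records (parent PIDs are taken from the nesting of the tree, which the report shows only as depth), applies the WOW64 System32-to-SysWOW64 redirection rule as a plain string rewrite, and flags the relaunch chain and the lack of hash reuse so that a detection can key on path and lineage rather than on file hashes.

```python
"""Detection helpers run over the process tree and dropped-file list of this report.

Added example: records are transcribed from the report; ppid is derived from tree depth.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int | None
    image: str    # image path as the sandbox reported it
    cmdline: str  # command line as the sandbox reported it


ROAMING_EXE = r"C:\Users\Admin\AppData\Roaming\ewiuer2.exe"
SYS_EXE = r"C:\Windows\SysWOW64\ewiuer2.exe"       # where the image really ran
SYS32_CMD = r"C:\Windows\System32\ewiuer2.exe"     # what the command line claimed
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe"

# Transcribed from the Processes section of this report (ppid = parent in the tree).
REPORT_PROCS = [
    Proc(2156, None, DROPPER, f'"{DROPPER}"'),
    Proc(2272, 2156, ROAMING_EXE, ROAMING_EXE),
    Proc(2464, 2272, SYS_EXE, SYS32_CMD),
    Proc(1020, 2464, ROAMING_EXE, ROAMING_EXE),
    Proc(840, 1020, SYS_EXE, SYS32_CMD),
    Proc(2108, 840, ROAMING_EXE, ROAMING_EXE),
    Proc(1804, 2108, SYS_EXE, SYS32_CMD),
    Proc(788, 1804, ROAMING_EXE, ROAMING_EXE),
]

# SHA256 of each ewiuer2.exe copy listed under Downloads (transcribed from this report).
REPORT_DROP_SHA256 = [
    "d9639cb203b712647dfeb9455341ab24c77d6eb66b0c05c7e6b6c2d3a7bde5ff",
    "73ca80345a85b108e30f95b36ff9e3e7d07de85b039170f6678ad53995dae660",
    "41b3d5a6d250a05e8d9e5c737fa4fcf67c9f02705932eb3b91539af0cc2c145b",
    "585552d657ed9e9dc710605c21f6b4db2587ec0fa8c10b227482c19b1486dd73",
    "0fbe5f47d9f0fa3706d4a18fcd861af96d78b0de5a5c14e363727c8bb633fb54",
    "8562fcd81d715fcd1428aef53cbe3a6bc1e9867ce3608648827ec4e85921ce6e",
    "e1223ec26634ad326200835fd3d3844194a5e9da10d8445b3894fb1c934e13ae",
]


def effective_path(path: str, wow64: bool = True) -> str:
    """Apply the WOW64 file-system redirection rule as a string rewrite: a 32-bit
    process on x64 that names C:\\Windows\\System32 actually touches SysWOW64.
    This is the documented rule applied to a string, not a call into Windows; it
    explains why the command line says System32 while the image path says SysWOW64."""
    prefix = "c:\\windows\\system32\\"
    if wow64 and path.lower().startswith(prefix):
        return "C:\\Windows\\SysWOW64\\" + path[len(prefix):]
    return path


def location_class(path: str) -> str:
    """Bucket a path into the directory classes the relay alternates between."""
    low = effective_path(path).lower()
    if "\\appdata\\roaming\\" in low:
        return "roaming"
    if low.startswith("c:\\windows\\syswow64\\") or low.startswith("c:\\windows\\system32\\"):
        return "system"
    if "\\appdata\\local\\temp\\" in low:
        return "temp"
    return "other"


def relay_chain(procs: list[Proc]) -> list[int]:
    """Return the longest parent->child chain of PIDs in which the same binary name
    relaunches itself while hopping between the Roaming profile and the system
    directory. Three or more links is the pattern this report shows."""
    children = {}
    for p in procs:
        children.setdefault(p.ppid, []).append(p)

    def extend(p: Proc) -> list[int]:
        best: list[int] = []
        for c in children.get(p.pid, []):
            same_name = ntpath.basename(c.image).lower() == ntpath.basename(p.image).lower()
            hop = {location_class(p.image), location_class(c.image)} == {"roaming", "system"}
            if same_name and hop:
                cand = extend(c)
                if len(cand) > len(best):
                    best = cand
        return [p.pid] + best

    return max((extend(p) for p in procs), key=len)


def hash_coverage(hashes: list[str]) -> tuple[int, int]:
    """(distinct, total). When every dropped copy hashes differently, a hash IOC list
    built from one run only matches that run; detect on path and lineage instead."""
    return len(set(hashes)), len(hashes)


if __name__ == "__main__":
    print("relay chain (PIDs):", relay_chain(REPORT_PROCS))
    print("distinct/total dropped hashes:", hash_coverage(REPORT_DROP_SHA256))
    print("cmdline path resolves to:", effective_path(SYS32_CMD))
```

On the report's data the chain runs 2272, 2464, 1020, 840, 2108, 1804, 788 (seven links), and all seven dropped copies have distinct hashes. To turn `relay_chain` into an EDR rule, the equivalent condition is: a process whose image basename equals its parent's, where one side is under `\AppData\Roaming\` and the other under `\Windows\SysWOW64\` (or `\System32\` once redirection is accounted for).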

Network

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\37JUVY7G.txt

    Filesize

    230B

    MD5

    0f11c962ec209a06f79abb4fcec58d47

    SHA1

    057d30367488ecdac94ddc0a942ffaa6e88f1bd1

    SHA256

    2cd810e4e860198188dcfc66a50decb58a0b60949ba0d53371d52aa9d0d52b47

    SHA512

    0936c1a54ee309dae147df9734b001df1ccc69ab3b32cbf0ed02f5a504751b1b3417774c00c9a418acabaf1cf407bddf7199902264f2fcabc1f97d2f6247ebb7

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4KO0XM1A.txt

    Filesize

    229B

    MD5

    499c0cb09c48da7ebea2f855c99e4a02

    SHA1

    99ea86e6a84b798942d305d5ec3aa62e5cca312c

    SHA256

    1cb3e31f6c1255730056281bf98de63a7b2e8df1a283d9257016569fd26b6857

    SHA512

    095c1fc3c89405a781d40f69503694288af0d7f64f15b35fc6b143df7fbcf764b304cef5a5980fd0dfba0af391afc3f2b9a786f4578c7877db2744493e1c67af

  • C:\Users\Admin\AppData\Roaming\ewiuer2.exe

    Filesize

    65KB

    MD5

    0d510d7c7812e00ec9b90b4dd6d4863d

    SHA1

    f9499d7bf709a3f7b04aa00044d2a630666cceee

    SHA256

    d9639cb203b712647dfeb9455341ab24c77d6eb66b0c05c7e6b6c2d3a7bde5ff

    SHA512

    4e0bdbba5d792627c94d0cacff4e97a8210bb74330518a45b5d6a62b45d3735560a2b21935f4e6a71f1eb2e303029b2b7e37a297d475a6e4bfcfc7737d495597

  • \Users\Admin\AppData\Roaming\ewiuer2.exe

    Filesize

    65KB

    MD5

    6499f64fab8dd4b58c706ca56f94ace0

    SHA1

    76eb7cf03aecd96e2fea9d8a39371066a219a40f

    SHA256

    73ca80345a85b108e30f95b36ff9e3e7d07de85b039170f6678ad53995dae660

    SHA512

    66b21920d970f5713cb77b1ced9e6cb44315af1a9080a0bd083297dd036b53b48aca6f2a8d23c9845a39a23fbdd42a94118af8c1bf9f405342e14bdbaf627d7e

  • \Users\Admin\AppData\Roaming\ewiuer2.exe

    Filesize

    65KB

    MD5

    c44dfb17e069b6e69544b058b109ba1e

    SHA1

    134d12f97d45b62d523c850696f319cf875ca5f6

    SHA256

    41b3d5a6d250a05e8d9e5c737fa4fcf67c9f02705932eb3b91539af0cc2c145b

    SHA512

    e147138231264d4ba36ff8576ce2ec5d39dcdf9c156be991e860d1aa4dfbf3fa1d0bf5a15cc99b23ece75db0a866410dd8301fee5a5161bcb079adb69610165d

  • \Users\Admin\AppData\Roaming\ewiuer2.exe

    Filesize

    65KB

    MD5

    bdbe3ec483abee529bec6a3d2b1a029e

    SHA1

    8d3321864e57470949e7d20053d8df4e3becd812

    SHA256

    585552d657ed9e9dc710605c21f6b4db2587ec0fa8c10b227482c19b1486dd73

    SHA512

    472ac3900bd21b0ee0699577e6b59b8f4c5e3cbb478d6df2a351eb69d35575315303f3e484964bb5d5229620a4c7c513d1d10eec44b94d96274b90f4fa53b980

  • \Windows\SysWOW64\ewiuer2.exe

    Filesize

    65KB

    MD5

    8bdd3f7adcfeb51edddeadb9eb427b67

    SHA1

    5c9b3e1831344a283929c8042e5869cf3e8afadd

    SHA256

    0fbe5f47d9f0fa3706d4a18fcd861af96d78b0de5a5c14e363727c8bb633fb54

    SHA512

    80fbe454566aae6f229846d8260aec8a34226461582446152f42c689030c4bf3ce1eac303403f721a0f05d1cda959fd7da1886f8cecd4e1fffb8a774dd77411c

  • \Windows\SysWOW64\ewiuer2.exe

    Filesize

    65KB

    MD5

    2beb1999a3c3c9a1baa9d353747517d2

    SHA1

    1dcd82b3e906619fd85bd8f3ece15d930717e89f

    SHA256

    8562fcd81d715fcd1428aef53cbe3a6bc1e9867ce3608648827ec4e85921ce6e

    SHA512

    edebc902ba182bf3d21f1b4ddadc4774ad9b25a2060914fb906d01eb72fe15bc429b2f13a82104acf58522924e0177c2998dcd40a3cc502afc6aceddcfcc26fe

  • \Windows\SysWOW64\ewiuer2.exe

    Filesize

    65KB

    MD5

    39bc26ce4685e1fb96db3972f927fb3a

    SHA1

    d4c8de33cdb978c627814d19e6fa5b7a07180010

    SHA256

    e1223ec26634ad326200835fd3d3844194a5e9da10d8445b3894fb1c934e13ae

    SHA512

    11b5e6f478d7bbd3cd9fef7ecccd4392aeec8dc275617fad462c44850baf7607252507ca884e757b03d10efd20d4aa4a3b5c5b7d25dd7445c73cbefe413e8023

  • memory/788-86-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/840-60-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/840-50-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1020-36-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1020-38-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1020-48-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1804-84-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1804-75-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2108-61-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2108-63-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2108-74-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2156-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2156-8-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2272-23-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2272-12-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2272-11-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2272-17-0x0000000002340000-0x000000000236A000-memory.dmp

    Filesize

    168KB

  • memory/2464-34-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/2464-25-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB