Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/06/2024, 22:36

General

  • Target

    78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe

  • Size

    65KB

  • MD5

    78212682e8630cff3380ba7684d296d0

  • SHA1

    879f0ceed063ec2d6cd59ac0b1d61e70270c508e

  • SHA256

    1edd34321d435b4e30564f4cc801647385ffeb15f5f027f94cd946671acaad82

  • SHA512

    2489d1629a1d52599c030853fc0824dffaa26927314e17b40a28090eb44051377b21e29ada9f570008e4b581a454c3ebc29288089a3e0a91c76aeb2a31cda265

  • SSDEEP

    768:heQIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uAS:h9IvEPZo6Ead29NQgA2wQle56

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4376
    • C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4592
      • C:\Windows\SysWOW64\ewiuer2.exe
        C:\Windows\System32\ewiuer2.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1128
        • C:\Users\Admin\AppData\Roaming\ewiuer2.exe
          C:\Users\Admin\AppData\Roaming\ewiuer2.exe
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • Suspicious use of WriteProcessMemory
          PID:1988
          • C:\Windows\SysWOW64\ewiuer2.exe
            C:\Windows\System32\ewiuer2.exe
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:1096

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Roaming\ewiuer2.exe

    Filesize

    65KB

    MD5

    7b69c3994c5d7bf45923675b3688045e

    SHA1

    153e7ba17dd912b1478bec690019ee311b25271e

    SHA256

    879daaf764189ad17a4a0ef9e59594625d87cdd2d46833f22a6373d7d71c26ac

    SHA512

    817f6a985ead5ed8b80900c4f074eb9f0ce9fcab2c3f73ea81741810a6c52877f12bc1aa7300f8d15c12616ce76ab761a9b2a75831d24281e76828a06d0a2d0d

  • C:\Users\Admin\AppData\Roaming\ewiuer2.exe

    Filesize

    65KB

    MD5

    0d510d7c7812e00ec9b90b4dd6d4863d

    SHA1

    f9499d7bf709a3f7b04aa00044d2a630666cceee

    SHA256

    d9639cb203b712647dfeb9455341ab24c77d6eb66b0c05c7e6b6c2d3a7bde5ff

    SHA512

    4e0bdbba5d792627c94d0cacff4e97a8210bb74330518a45b5d6a62b45d3735560a2b21935f4e6a71f1eb2e303029b2b7e37a297d475a6e4bfcfc7737d495597

  • C:\Windows\SysWOW64\ewiuer2.exe

    Filesize

    65KB

    MD5

    e11cbfe9c818b3e5ae1e234d9eee66c2

    SHA1

    1797bd6fb5b8cb7d1d68d4ffdb6e98e64a74dec2

    SHA256

    e47f98310c583afb634334a90a974c996658ba5b92ead276c299869d8e6acc25

    SHA512

    fa8fc0442b42484c18b4a37c21f34df6d43ee7cbb56d4e8ff2c1ec65aefe9521a7130cb89d230c45c429557ae421ff7e2faee759d1b363d5a598d7565d493cf1

  • C:\Windows\SysWOW64\ewiuer2.exe

    Filesize

    65KB

    MD5

    6811be0044bd871352d12470d7a39650

    SHA1

    14d7cf356e39d75ac4c9175996e02797fd94a4c1

    SHA256

    b5197c41096ed331af7f041de8efac831875086ae4207fabe5fa6885acb06dfa

    SHA512

    a1794f5cc27787d8c09a21cde7d6a76826122232cb9e26d9b96fa470e3e990742087a1e94bb7797122a64a4c0bf950076797ef0065d4b084326be301fc3087c7

  • memory/1096-26-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1096-27-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1128-13-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1128-19-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1988-18-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1988-20-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/1988-25-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/4376-4-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/4376-0-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/4592-7-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/4592-12-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

  • memory/4592-5-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB