Analysis
max time kernel: 144s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 22:36
Static task: static1
Behavioral task: behavioral1
  Sample: 78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: 78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe
Size: 65KB
MD5: 78212682e8630cff3380ba7684d296d0
SHA1: 879f0ceed063ec2d6cd59ac0b1d61e70270c508e
SHA256: 1edd34321d435b4e30564f4cc801647385ffeb15f5f027f94cd946671acaad82
SHA512: 2489d1629a1d52599c030853fc0824dffaa26927314e17b40a28090eb44051377b21e29ada9f570008e4b581a454c3ebc29288089a3e0a91c76aeb2a31cda265
SSDEEP: 768:heQIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uAS:h9IvEPZo6Ead29NQgA2wQle56
Malware Config
Signatures
- Executes dropped EXE (4 IoCs)
  pid   Process
  4592  ewiuer2.exe
  1128  ewiuer2.exe
  1988  ewiuer2.exe
  1096  ewiuer2.exe

- Drops file in System32 directory (4 IoCs)
  description                   ioc                                  Process
  File created                  C:\Windows\SysWOW64\ewiuer2.exe      ewiuer2.exe
  File opened for modification  C:\Windows\SysWOW64\ewiuer2.exe      ewiuer2.exe
  File opened for modification  C:\Windows\SysWOW64\viesazm.mpk      ewiuer2.exe
  File created                  C:\Windows\SysWOW64\ewiuer2.exe      ewiuer2.exe

- Suspicious use of WriteProcessMemory (12 IoCs)
  description                      pid   Process                                              procid_target
  PID 4376 wrote to memory of 4592  4376  78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe  83
  PID 4376 wrote to memory of 4592  4376  78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe  83
  PID 4376 wrote to memory of 4592  4376  78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe  83
  PID 4592 wrote to memory of 1128  4592  ewiuer2.exe                                          96
  PID 4592 wrote to memory of 1128  4592  ewiuer2.exe                                          96
  PID 4592 wrote to memory of 1128  4592  ewiuer2.exe                                          96
  PID 1128 wrote to memory of 1988  1128  ewiuer2.exe                                          97
  PID 1128 wrote to memory of 1988  1128  ewiuer2.exe                                          97
  PID 1128 wrote to memory of 1988  1128  ewiuer2.exe                                          97
  PID 1988 wrote to memory of 1096  1988  ewiuer2.exe                                          99
  PID 1988 wrote to memory of 1096  1988  ewiuer2.exe                                          99
  PID 1988 wrote to memory of 1096  1988  ewiuer2.exe                                          99
Processes
1. C:\Users\Admin\AppData\Local\Temp\78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\78212682e8630cff3380ba7684d296d0_NeikiAnalytics.exe"
   PID: 4376
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      Command line: C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      PID: 4592
      - Executes dropped EXE
      - Drops file in System32 directory
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\ewiuer2.exe
         Command line: C:\Windows\System32\ewiuer2.exe
         PID: 1128
         - Executes dropped EXE
         - Suspicious use of WriteProcessMemory
         4. C:\Users\Admin\AppData\Roaming\ewiuer2.exe
            Command line: C:\Users\Admin\AppData\Roaming\ewiuer2.exe
            PID: 1988
            - Executes dropped EXE
            - Drops file in System32 directory
            - Suspicious use of WriteProcessMemory
            5. C:\Windows\SysWOW64\ewiuer2.exe
               Command line: C:\Windows\System32\ewiuer2.exe
               PID: 1096
               - Executes dropped EXE
               - Drops file in System32 directory
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 65KB
  MD5: 7b69c3994c5d7bf45923675b3688045e
  SHA1: 153e7ba17dd912b1478bec690019ee311b25271e
  SHA256: 879daaf764189ad17a4a0ef9e59594625d87cdd2d46833f22a6373d7d71c26ac
  SHA512: 817f6a985ead5ed8b80900c4f074eb9f0ce9fcab2c3f73ea81741810a6c52877f12bc1aa7300f8d15c12616ce76ab761a9b2a75831d24281e76828a06d0a2d0d

- Filesize: 65KB
  MD5: 0d510d7c7812e00ec9b90b4dd6d4863d
  SHA1: f9499d7bf709a3f7b04aa00044d2a630666cceee
  SHA256: d9639cb203b712647dfeb9455341ab24c77d6eb66b0c05c7e6b6c2d3a7bde5ff
  SHA512: 4e0bdbba5d792627c94d0cacff4e97a8210bb74330518a45b5d6a62b45d3735560a2b21935f4e6a71f1eb2e303029b2b7e37a297d475a6e4bfcfc7737d495597

- Filesize: 65KB
  MD5: e11cbfe9c818b3e5ae1e234d9eee66c2
  SHA1: 1797bd6fb5b8cb7d1d68d4ffdb6e98e64a74dec2
  SHA256: e47f98310c583afb634334a90a974c996658ba5b92ead276c299869d8e6acc25
  SHA512: fa8fc0442b42484c18b4a37c21f34df6d43ee7cbb56d4e8ff2c1ec65aefe9521a7130cb89d230c45c429557ae421ff7e2faee759d1b363d5a598d7565d493cf1

- Filesize: 65KB
  MD5: 6811be0044bd871352d12470d7a39650
  SHA1: 14d7cf356e39d75ac4c9175996e02797fd94a4c1
  SHA256: b5197c41096ed331af7f041de8efac831875086ae4207fabe5fa6885acb06dfa
  SHA512: a1794f5cc27787d8c09a21cde7d6a76826122232cb9e26d9b96fa470e3e990742087a1e94bb7797122a64a4c0bf950076797ef0065d4b084326be301fc3087c7