Analysis

  • max time kernel
    18s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    02/06/2024, 01:36

General

  • Target

    1d7111ab5f67a519b7e271d4bcda9340_NeikiAnalytics.exe

  • Size

    505KB

  • MD5

    1d7111ab5f67a519b7e271d4bcda9340

  • SHA1

    489f63443ae8c79b9db2bbca9eb6b3ca42567b4d

  • SHA256

    12f61e065a1c1f70c4255d68451fc5a54f02d336ca241f9513427f668ee38c57

  • SHA512

    305140a2c981e8d4808837a731d4eb07f9508ed3e4f5b100ef912a252d4c63869c4b99b4968e55c3f65f2b56959a1a50705adb409f23e02c07b6cdb7f8bdf5b4

  • SSDEEP

    12288:wlbG+b1gL5pRTcAkS/3hzN8qE43fm78V5:WbG+G5jcAkSYqyE5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d7111ab5f67a519b7e271d4bcda9340_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\1d7111ab5f67a519b7e271d4bcda9340_NeikiAnalytics.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\WINDOWS\MSWDM.EXE
      "C:\WINDOWS\MSWDM.EXE"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:1968
    • C:\WINDOWS\MSWDM.EXE
      -r!C:\Windows\dev140D.tmp!C:\Users\Admin\AppData\Local\Temp\1d7111ab5f67a519b7e271d4bcda9340_NeikiAnalytics.exe! !
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Users\Admin\AppData\Local\Temp\1D7111AB5F67A519B7E271D4BCDA9340_NEIKIANALYTICS.EXE
        3⤵
        • Executes dropped EXE
        PID:2996
      • C:\WINDOWS\MSWDM.EXE
        -e!C:\Windows\dev140D.tmp!C:\Users\Admin\AppData\Local\Temp\1D7111AB5F67A519B7E271D4BCDA9340_NEIKIANALYTICS.EXE!
        3⤵
        • Executes dropped EXE
        PID:2808

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1d7111ab5f67a519b7e271d4bcda9340_NeikiAnalytics.exe

          Filesize

          458KB

          MD5

          619f7135621b50fd1900ff24aade1524

          SHA1

          6c7ea8bbd435163ae3945cbef30ef6b9872a4591

          SHA256

          344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

          SHA512

          2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

        • C:\Windows\MSWDM.EXE

          Filesize

          47KB

          MD5

          02252334fa17a25b781e2bfebd1bca3d

          SHA1

          a72858647bf5774aefcb9e064a5db74728d6a483

          SHA256

          3149abb7c1b6e56672f70f483b24222d0a41b948e7b7ec5ad8e66197480173fe

          SHA512

          8d3e14398fe9e1cae632762f85a548e5f7c455a2f8481e30017e2caad14412215f88ca217a109cfb87f3cb41603c0560c90de4cc648039f9f62b017427b33413

        • memory/1968-30-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/2208-14-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/2208-29-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/2740-0-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/2740-12-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/2808-25-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB