Analysis

max time kernel: 146s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 01:37

Static task: static1

Behavioral task: behavioral1
Sample: 1d8539b07f6768fa73906b1a6b3d6450_NeikiAnalytics.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 1d8539b07f6768fa73906b1a6b3d6450_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General

Target: 1d8539b07f6768fa73906b1a6b3d6450_NeikiAnalytics.exe
Size: 65KB
MD5: 1d8539b07f6768fa73906b1a6b3d6450
SHA1: 88cdcb016a86bb8236680212e0a1a425651d1cc0
SHA256: 89cff9ef03cc8f94ed69b7a9d4bc25b460a5277e37c579d1d749f960c5c10719
SHA512: 725a91604f77b6ab4b5d276116dd20d66f2534240dc8d50afa5665756fd952439877124df638c5ed5819107b3dfb963502197bf855c21628cdf2038900ac632e
SSDEEP: 768:KeJIvFKPZo2rmEasjcj29NWngAHxcw9ppEaxglaX5uA6:KQIvEPZovEad29NQgA2wQle5i
Malware Config
Signatures
- Executes dropped EXE (3 IoCs)

  pid   Process
  3972  ewiuer2.exe
  2152  ewiuer2.exe
  2352  ewiuer2.exe

- Drops file in System32 directory (4 IoCs)

  description                   ioc                                 Process
  File created                  C:\Windows\SysWOW64\ewiuer2.exe     ewiuer2.exe
  File opened for modification  C:\Windows\SysWOW64\viesazm.mpk     ewiuer2.exe
  File created                  C:\Windows\SysWOW64\ewiuer2.exe     ewiuer2.exe
  File opened for modification  C:\Windows\SysWOW64\viesazm.mpk     ewiuer2.exe

- Suspicious use of WriteProcessMemory (9 IoCs)

  description                       pid   Process                                              procid_target
  PID 4228 wrote to memory of 3972  4228  1d8539b07f6768fa73906b1a6b3d6450_NeikiAnalytics.exe  85
  PID 4228 wrote to memory of 3972  4228  1d8539b07f6768fa73906b1a6b3d6450_NeikiAnalytics.exe  85
  PID 4228 wrote to memory of 3972  4228  1d8539b07f6768fa73906b1a6b3d6450_NeikiAnalytics.exe  85
  PID 3972 wrote to memory of 2152  3972  ewiuer2.exe                                          102
  PID 3972 wrote to memory of 2152  3972  ewiuer2.exe                                          102
  PID 3972 wrote to memory of 2152  3972  ewiuer2.exe                                          102
  PID 2152 wrote to memory of 2352  2152  ewiuer2.exe                                          110
  PID 2152 wrote to memory of 2352  2152  ewiuer2.exe                                          110
  PID 2152 wrote to memory of 2352  2152  ewiuer2.exe                                          110
Processes

1. C:\Users\Admin\AppData\Local\Temp\1d8539b07f6768fa73906b1a6b3d6450_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\1d8539b07f6768fa73906b1a6b3d6450_NeikiAnalytics.exe"
   - Suspicious use of WriteProcessMemory
   PID: 4228

   2. C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      Command line: C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      - Executes dropped EXE
      - Drops file in System32 directory
      - Suspicious use of WriteProcessMemory
      PID: 3972

      3. C:\Windows\SysWOW64\ewiuer2.exe
         Command line: C:\Windows\System32\ewiuer2.exe
         - Executes dropped EXE
         - Drops file in System32 directory
         - Suspicious use of WriteProcessMemory
         PID: 2152

         4. C:\Windows\SysWOW64\ewiuer2.exe
            Command line: C:\Windows\SysWOW64\ewiuer2.exe /nomove
            - Executes dropped EXE
            - Drops file in System32 directory
            PID: 2352
Network
MITRE ATT&CK Matrix
Downloads

Filesize: 65KB
MD5: 62cb01da2fba5d38d973c0f27546d711
SHA1: 3cce415bd0233501ed5887883dce9cccd171efe5
SHA256: c86c55e8b8eeb513e2d5bbc292695a0a33b772502de3ad48b02f764577e983cb
SHA512: 76b51122f44f238b32e7c7feb6b9c2b20318dfcd5e595eb7f18641e7414bf38bb8880a78e043f820879346850a8ef910fe99beef2abf1d1d0c9d9a8b18675c17

Filesize: 65KB
MD5: bc9340595e77ac4827a5169315c616ba
SHA1: 59a00d23fdc922d8dd4362b0786fc3092df739dc
SHA256: 8bfcdc57e56c11b1076c4bdd926c74a4a06e8832af19700542372865cf2881cd
SHA512: 9ee8fd9955869b86540434fc71c3b191daaeecfaefdb71d1ca9b679c28a191bde2cfbfb7990718061eb5cf1d99d4f970c5a069594b7a630f81a2b518be153ce4