Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
02/06/2024, 01:35
Static task
static1
Behavioral task
behavioral1
Sample
1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe
-
Size
320KB
-
MD5
1d4ac2306f38e51af076af9360c03d90
-
SHA1
1661ff1afedac4e863e1b655c35f5ac631d6e611
-
SHA256
76aa29bc6078be9e4a959a2087b0f19519ea5666cf1de7fe6e153efb3a74ab9e
-
SHA512
fd6fd749d607efd9a6627b112842d230163d45d55c85361e026264cef540fbc73609e50a12287823f53e9636b291e9dfbb0d5701730150b580b23d8b0f0868ec
-
SSDEEP
6144:SG4O75Y+9xSlLl/PMngCL3jUM9Zy9oX9aLisM+NeOV40saiigCX:SY5YRPknVI4ZlX9aLisvNeOVQ5zCX
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2704 1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe -
Executes dropped EXE 1 IoCs
pid Process 2704 1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe -
Loads dropped DLL 1 IoCs
pid Process 3068 1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 3068 1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe -
Suspicious use of UnmapMainImage 1 IoCs
pid Process 2704 1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3068 wrote to memory of 2704 | 3068 | 1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe | 29
PID 3068 wrote to memory of 2704 | 3068 | 1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe | 29
PID 3068 wrote to memory of 2704 | 3068 | 1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe | 29
PID 3068 wrote to memory of 2704 | 3068 | 1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe | 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe" 1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3068 -
C:\Users\Admin\AppData\Local\Temp\1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe C:\Users\Admin\AppData\Local\Temp\1d4ac2306f38e51af076af9360c03d90_NeikiAnalytics.exe 2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2704
-
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
320KB
MD5
0d7d8a426b26ccf46b2fbc14e7a04686
SHA1
03303eaa0ff9904e325495ad3cb82c2d4aeac218
SHA256
695835e6990aaf6147b539224f610711dbcc2291824ef7f8e613864b04ee3ed6
SHA512
0543ee19e4a416882e8ff4085b92b1cd6d8778a7cba9f50a98625ab3bd0bfa42f7301c12895d698683257d0e2ac99c472f2996062a221e995412b039c41a8300