Overview

overview

7

Static

static

3

3346eade51...cs.exe

windows7-x64

7

3346eade51...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/06/2024, 04:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3346eade51019b709fd0362924e761b0_NeikiAnalytics.exe

  • Size

    41KB

  • MD5

    3346eade51019b709fd0362924e761b0

  • SHA1

    13fac6bb3ce08029f1930f7df90ee8770230b38a

  • SHA256

    fb1ef6ccf7f6cc479b1b31821cf69335f66e02b90f1aaa887d3d19eebe495056

  • SHA512

    45007e59052b22c5b1ecee3ca7baac0720fd519502fadb4dad09b6e9bfdd71685b08f1e1bb8ddb825e55610c5f44a76e48704a2184fea5dc9a28f7207d63a963

  • SSDEEP

    768:m8eRH+9lFh0ul16sh7iQroCHXf+RjFBSuB2XgbHIf:m9l+Z16sh7iQroCWRB0uDIf

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3346eade51019b709fd0362924e761b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3346eade51019b709fd0362924e761b0_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:392
    • C:\Users\Admin\AppData\Local\Temp\bkgrnd.exe
      "C:\Users\Admin\AppData\Local\Temp\bkgrnd.exe"
      2⤵
      • Executes dropped EXE
      PID:2996
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3760,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:8
    1⤵
      PID:336

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\bkgrnd.exe
      Filesize

      41KB

      MD5

      efb9b94d33be6206d9f2dad78dd2d05d

      SHA1

      529515a3ebb770cd42dd48eb992c52b3c3eb0fbd

      SHA256

      93f3c141c86214ac0e47d62fa8eed08ffcaa51ae5a6007f28f032b38296f6d3f

      SHA512

      ac097cf7b8038d0a2d437c347badaec555f5f1fd4f9af8ecb23d136206fe7f5e0c03c26f9979be12dde49b8c8052fd5472d748d0fc980401f28b58fa573b2003

      Download Submit

    • memory/392-0-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/392-2-0x0000000004000000-0x0000000004006000-memory.dmp

      Filesize

      24KB

      Download

    • memory/392-1-0x0000000004000000-0x0000000004006000-memory.dmp

      Filesize

      24KB

      Download

    • memory/392-12-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2996-11-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB

      Download