Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 04:53

General

  • Target

    3a6c12fd9277061790265b57ab2a7220_NeikiAnalytics.exe

  • Size

    41KB

  • MD5

    3a6c12fd9277061790265b57ab2a7220

  • SHA1

    66882d0daeacdcd044fe205bcbb8878352437b64

  • SHA256

    fde4307a86fb4eb3d7767119879c4a29586c52c15f31fd20ef7f13cde7a52c7c

  • SHA512

    c949f7f31dda57cb8aa311b62c826c3325e1519f33cb84b6688a99d03524acf77bc190adfdaee0d1dd1441c3e41ab5169426168a1c508e50a2b174956f84f23d

  • SSDEEP

    768:MApQr0ovdFJI34eGxusOy9Rp1pLeAxoeC48PqK1c:MAaDJlMsh7pWezH

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a6c12fd9277061790265b57ab2a7220_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\3a6c12fd9277061790265b57ab2a7220_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1800
    • C:\windows\SysWOW64\sal.exe
      "C:\windows\system32\sal.exe"
      2⤵
      • Executes dropped EXE
      PID:3000

Network

        MITRE ATT&CK Enterprise v15

Downloads

  • \Windows\SysWOW64\sal.exe

    Filesize
    41KB

    MD5
    f961142c934729fe3a78368b5a4ea78b

    SHA1
    b14186942b4d42883af0d78899260a2260ba47c5

    SHA256
    1dbd0daf97470db46952338bf7d79274d0db54967de2966ed993dab3b1727b87

    SHA512
    258ba5b86a11ff9ef00c2d1de083fb610fae6b3ce54770f93191f2f4078c7ce750535017cc9506da030c6be04b917c05bafd6461046ee3c4650d3c6f450e599b

  • memory/1800-0-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize
    36KB

  • memory/1800-4-0x0000000000380000-0x0000000000389000-memory.dmp

    Filesize
    36KB

  • memory/1800-11-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize
    36KB

  • memory/3000-13-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize
    36KB