Overview

overview

7

Static

static

3

06a2a6fa40...cs.exe

windows7-x64

7

06a2a6fa40...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    03-06-2024 21:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06a2a6fa40d1f299702dfb294c050d10_NeikiAnalytics.exe

  • Size

    7.0MB

  • MD5

    06a2a6fa40d1f299702dfb294c050d10

  • SHA1

    4ab5b1accc1ca77f5e0b705af6a6a00588ea9269

  • SHA256

    350575504587404ee49f88a7ebfcdc9564c9578424ac0d155cd298e3b66641a7

  • SHA512

    f586d83a5f8c34747ecf97486a5fe00e98309abbae20019f35eaf2de1528774917e8d4132e6c919b04af6215803ff44b12f935d13ac67a3303bf197e2b0672c7

  • SSDEEP

    98304:emhd1UryezG2MmYh6DMDyt8V7wQqZUha5jtSyZIUbn:elTqWQDc82QbaZtliK

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06a2a6fa40d1f299702dfb294c050d10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06a2a6fa40d1f299702dfb294c050d10_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Users\Admin\AppData\Local\Temp\1526.tmp
      "C:\Users\Admin\AppData\Local\Temp\1526.tmp" --splashC:\Users\Admin\AppData\Local\Temp\06a2a6fa40d1f299702dfb294c050d10_NeikiAnalytics.exe 8C6A45894C08DEBCABBF66D3B7041780987EB8770D26DAE231C559A743E5986B27EE0FAB97361CABF2B384E2563441FC1C5D837E02F4E1C9132E0BCEE58D4FEF
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\1526.tmp
    Filesize

    7.0MB

    MD5

    e657fe1314626833e89c2dc6a3155575

    SHA1

    6dbc78a99c5be6a08ab98d8cc912e462cbf82e2d

    SHA256

    1a83b231d3db34b867567ee74d8c0b215ade0a3d36a74818585c4fe1305d64af

    SHA512

    0be792087e35e430ddf97f12ba198a0f55f10942548d70c143b2a77dc00aa4ee9c01658c9aa650b79f20c1e545b24da70fcf9b1f564a74b99719a43011a92ee6

    Download Submit

  • memory/2292-9-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/3020-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download