Overview

overview

7

Static

static

3

06a2a6fa40...cs.exe

windows7-x64

7

06a2a6fa40...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-06-2024 21:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06a2a6fa40d1f299702dfb294c050d10_NeikiAnalytics.exe

  • Size

    7.0MB

  • MD5

    06a2a6fa40d1f299702dfb294c050d10

  • SHA1

    4ab5b1accc1ca77f5e0b705af6a6a00588ea9269

  • SHA256

    350575504587404ee49f88a7ebfcdc9564c9578424ac0d155cd298e3b66641a7

  • SHA512

    f586d83a5f8c34747ecf97486a5fe00e98309abbae20019f35eaf2de1528774917e8d4132e6c919b04af6215803ff44b12f935d13ac67a3303bf197e2b0672c7

  • SSDEEP

    98304:emhd1UryezG2MmYh6DMDyt8V7wQqZUha5jtSyZIUbn:elTqWQDc82QbaZtliK

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06a2a6fa40d1f299702dfb294c050d10_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\06a2a6fa40d1f299702dfb294c050d10_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:532
    • C:\Users\Admin\AppData\Local\Temp\320C.tmp
      "C:\Users\Admin\AppData\Local\Temp\320C.tmp" --splashC:\Users\Admin\AppData\Local\Temp\06a2a6fa40d1f299702dfb294c050d10_NeikiAnalytics.exe A89135298F1E4E3E2DE3C773A8B64BE9095F03F63B228941E8F839B5296EF04B8ED3C0F084F50434A17955D86D551BE98FB52B60D8AF3CFDA3EEC203C290A94E
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\320C.tmp
    Filesize

    7.0MB

    MD5

    6dd9ff82f72d1043391e2ddf7f888d72

    SHA1

    295dde19823660716cfab8f23cebbb44bc355536

    SHA256

    f29845a57a6adedabb418718c7bc37f032f407f578121ae02aae11315962cccb

    SHA512

    5e6c27313bc2a779b1bd02857bd6aa905c41e5d680e73fb5b3b7f5ed8a90dfdee04b77b9aef173ceee570cd1ee9c95162a8d8b9ea0f627a80d6519cc6a05a815

    Download Submit

  • memory/532-0-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/1080-5-0x0000000000400000-0x0000000000849000-memory.dmp

    Filesize

    4.3MB

    Download