Overview

overview

7

Static

static

3

9c2d5ab45d...cs.exe

windows7-x64

7

9c2d5ab45d...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    03/06/2024, 04:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9c2d5ab45d959d1fd8217fc09757d0b0_NeikiAnalytics.exe

  • Size

    410KB

  • MD5

    9c2d5ab45d959d1fd8217fc09757d0b0

  • SHA1

    e6a6923a2d92faead05c490c960de4b5dd8a9cd2

  • SHA256

    01275e509796e56dcfc195ed77e6cb09ffeb5d926330a51f4d954593830b5df8

  • SHA512

    8aec97f62279afdf68796671637c6cf36772280259162c80a938e6f8fbcc89643b4904edac0e9a6e2a5bb28db1ece4b224cede4ee48151c9f9f7e92a8270a227

  • SSDEEP

    6144:6BxIK3CTW8TMjp41u6nyHwnZeBG8oqp87czGrA1ZDL7ItmVnAd/:CxIK9V14ImyHYCp87jrA1ZDAph

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c2d5ab45d959d1fd8217fc09757d0b0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\9c2d5ab45d959d1fd8217fc09757d0b0_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3036
    • C:\ProgramData\rjubl.exe
      "C:\ProgramData\rjubl.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:3052

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\MSOCache .exe
          Filesize

          410KB

          MD5

          0e0a1bb8c3fdef26fd4eae14f9e58982

          SHA1

          e36768a133b6d4b2d9414a95ff11bab85834ba0f

          SHA256

          ca88e0848aa49e2e92e57f2ba86c27cf606ae45428d428e2b98555b5e06da9de

          SHA512

          aacc5794a53f230a12534bfe2da60ada985a59d02d2a6c2c6efa553b15f4fd8deb4673f56c6c4da55c7b5a35240286e2321e97fa6472a8871583d55d63722ae6

          Download Submit

        • C:\ProgramData\Saaaalamm\Mira.h
          Filesize

          150KB

          MD5

          aef10b9ba25f907727558514f2dfbab0

          SHA1

          d67383ef1b23d4da72339d66de9541c2e1efaf53

          SHA256

          f5e77ddc706f6dffe056dc2f8a88adece36e0e4552bc70a85f36b1e01fe547ad

          SHA512

          5e607a70ca3fa489897f8df0c96570709839364cd8cabd5f76386dfff01ca2986d50c120cf82926dff950c7d7b6ec833ea7558b64ec8f0dfe2e5070abf1da103

          Download Submit

        • C:\ProgramData\rjubl.exe
          Filesize

          259KB

          MD5

          c4fa8d2dfe02dbfb55cdf0605c54c392

          SHA1

          8e7e03014a9a00d38fc9a2ebf9ce38a9955766aa

          SHA256

          09e2e67a0e4b19520ba6ab4744f2a3f23ca08f464de0aac95d2c5406c11a889f

          SHA512

          4568334424755e0ff641100eb9aa2c69aedf6dc1e06945948b929bb84e868b882a7d79f5579f20150a06f989cbdfc375fa8dd3d66e6ae035a516bb007624c23b

          Download Submit

        • memory/3036-0-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3036-1-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3036-14-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3052-131-0x0000000000400000-0x0000000000448000-memory.dmp

          Filesize

          288KB

          Download