a7b4b4c5d9297baa24259f5f241d3a39586c2d734b968d05d44ae1ab12ee08c3

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 06:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f57375815b7d4902e3d5788dca5afb0_NeikiAnalytics.exe
Size

61KB
MD5

9f57375815b7d4902e3d5788dca5afb0
SHA1

dbd1e44d221ff91e08d2b09b3ca9da32785c9ef9
SHA256

a7b4b4c5d9297baa24259f5f241d3a39586c2d734b968d05d44ae1ab12ee08c3
SHA512

7f28dcad2899c09e6e27b9aa40f8f924e5a73c6ffd3e68898d8dad7753f42058862f09ae54e6ae691f6a7d681aee0d8ca004f51c9399b1cef3ebf1a2302cd5a4
SSDEEP

1536:ittdse4OcUmWQIvEPZo6E5sEFd29NQgA2wHle5:ydse4OlQZo6EKEFdGM2Sle5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2828	ewiuer2.exe
2220	ewiuer2.exe
2708	ewiuer2.exe
2356	ewiuer2.exe
1644	ewiuer2.exe
240	ewiuer2.exe
2236	ewiuer2.exe

Loads dropped DLL 14 IoCs

pid	Process
2200	9f57375815b7d4902e3d5788dca5afb0_NeikiAnalytics.exe
2200	9f57375815b7d4902e3d5788dca5afb0_NeikiAnalytics.exe
2828	ewiuer2.exe
2828	ewiuer2.exe
2220	ewiuer2.exe
2220	ewiuer2.exe
2708	ewiuer2.exe
2708	ewiuer2.exe
2356	ewiuer2.exe
2356	ewiuer2.exe
1644	ewiuer2.exe
1644	ewiuer2.exe
240	ewiuer2.exe
240	ewiuer2.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe
File opened for modification	C:\Windows\SysWOW64\ewiuer2.exe	ewiuer2.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2828	2200	9f57375815b7d4902e3d5788dca5afb0_NeikiAnalytics.exe	28
PID 2200 wrote to memory of 2828	2200	9f57375815b7d4902e3d5788dca5afb0_NeikiAnalytics.exe	28
PID 2200 wrote to memory of 2828	2200	9f57375815b7d4902e3d5788dca5afb0_NeikiAnalytics.exe	28
PID 2200 wrote to memory of 2828	2200	9f57375815b7d4902e3d5788dca5afb0_NeikiAnalytics.exe	28
PID 2828 wrote to memory of 2220	2828	ewiuer2.exe	32
PID 2828 wrote to memory of 2220	2828	ewiuer2.exe	32
PID 2828 wrote to memory of 2220	2828	ewiuer2.exe	32
PID 2828 wrote to memory of 2220	2828	ewiuer2.exe	32
PID 2220 wrote to memory of 2708	2220	ewiuer2.exe	33
PID 2220 wrote to memory of 2708	2220	ewiuer2.exe	33
PID 2220 wrote to memory of 2708	2220	ewiuer2.exe	33
PID 2220 wrote to memory of 2708	2220	ewiuer2.exe	33
PID 2708 wrote to memory of 2356	2708	ewiuer2.exe	35
PID 2708 wrote to memory of 2356	2708	ewiuer2.exe	35
PID 2708 wrote to memory of 2356	2708	ewiuer2.exe	35
PID 2708 wrote to memory of 2356	2708	ewiuer2.exe	35
PID 2356 wrote to memory of 1644	2356	ewiuer2.exe	36
PID 2356 wrote to memory of 1644	2356	ewiuer2.exe	36
PID 2356 wrote to memory of 1644	2356	ewiuer2.exe	36
PID 2356 wrote to memory of 1644	2356	ewiuer2.exe	36
PID 1644 wrote to memory of 240	1644	ewiuer2.exe	38
PID 1644 wrote to memory of 240	1644	ewiuer2.exe	38
PID 1644 wrote to memory of 240	1644	ewiuer2.exe	38
PID 1644 wrote to memory of 240	1644	ewiuer2.exe	38
PID 240 wrote to memory of 2236	240	ewiuer2.exe	39
PID 240 wrote to memory of 2236	240	ewiuer2.exe	39
PID 240 wrote to memory of 2236	240	ewiuer2.exe	39
PID 240 wrote to memory of 2236	240	ewiuer2.exe	39

C:\Users\Admin\AppData\Local\Temp\9f57375815b7d4902e3d5788dca5afb0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9f57375815b7d4902e3d5788dca5afb0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  C:\Users\Admin\AppData\Roaming\ewiuer2.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2828
- - C:\Windows\SysWOW64\ewiuer2.exe
    C:\Windows\System32\ewiuer2.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2220
  - - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2356
      - C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1644
        
        C:\Windows\SysWOW64\ewiuer2.exe
        
        C:\Windows\System32\ewiuer2.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:240
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        
        C:\Users\Admin\AppData\Roaming\ewiuer2.exe
        8⤵
        Executes dropped EXE
        
        PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7SQW8POS.txt

Filesize
229B

MD5
0b2f1a9ec379d09c7e54e87cf3c0650c

SHA1
dca5afa521ab850fd847f4ebeb04a38545265c66

SHA256
86d22965cebcd32fd526c9a3d12d118c7aa0dd82cb0d3d96c8f919a0ffe234e7

SHA512
33cdef30bc26a84af2325a20eca36368f4e923ee8fb9dbd02a57e25c18e2e9b478e3d6aaf0ec1d494e59fb0a9e3a7f4a76dc6b0f5e67bd9978880c25d0fa1f0d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GBW3EC0W.txt

Filesize
230B

MD5
c168256b10f381b14603c1b9bbea90fa

SHA1
8dc448a76a9281e3ac7359aebe478794ef24f45f

SHA256
b0a229fa8acbec1c7064d2f580dc7fa49afa974ee86bb4a35b22a4a60d106051

SHA512
09bc9c242b17bb61aa439174aed10844ddcee303311241b9b53eb6578dc65226992161723d0372530af7815b915ff0c5c66c05cb44b133205050f3fa79951177

Download Submit
C:\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
4a8dd597953d0e2ac05c1a6aef7ad408

SHA1
85e1154fb51622dac5880741f9e23d8a4413671c

SHA256
6e4afd4972e98a0ab5a12e539b2242bcbdbefc1014b46bedbaed69957296bc02

SHA512
406543cbef80ec8938e3f57cb820735a7bbb3d4f4d73b92d963e063c4e61d3d94b688f874d8249dd6ec0ed799b228325372e53b49e5a5e2b7a8e7dd1c62ee01b

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
cdef4f7b1df54883efbca877ad16b017

SHA1
101506205a73f215d2f1360252250f1d11bcdaed

SHA256
de64c1f1ca69897238e02d9b5231ff562ab0533b99e3657cf752bac5697cb48a

SHA512
183ca77bb66f8a95ec4e781944fbceccc34b92964f302f2773dd8bd05bf5ea064b0005137d35d4f650b10525043428e03f614d7a599d9b7e0e36144d8b8e2de0

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
9f6bc4de4644e62af275ccf8935c2b4f

SHA1
3ee5af5f12c7c03bc1cc18c9e8b962a56126d38a

SHA256
088c6e3c03f76561828dc4af6e0994d30e30eef47d51d3c827c42adf31ea6952

SHA512
9861e8b94f6afb2fe0e05913ca5bdd591b2665131e955fafdfa3bad508e4d8926636d3e200c56237205068f6a6a77da673383459f6f4e07f827d9ee2985ed0e3

Download Submit
\Users\Admin\AppData\Roaming\ewiuer2.exe

Filesize
61KB

MD5
6cae2af0dd5cc31f6c8552d26f83424a

SHA1
fb978b1dd5569d62ebe9765f88244177adf4de9a

SHA256
02d17bd3423d1a27deb18afd6c6dd5f583e3bca075cd337c66b7868ee2eef669

SHA512
f03e6f460b8a696ff3359b50d490094df064b3019af7a32e04954d17066f7cd37e0b4012b571877b066cd1afc15565edbd652a4c9b98c0bf7194372ff2c4502c

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
75361fff2d55bfdb5528af4c6e61e1d2

SHA1
450eb30b5bd9185d357d86a1c2762a5c86ff092a

SHA256
8c29c903ddca87fac7c868d71dfa8edc46a3e89b8fa83af06f42587f3ba3eadd

SHA512
01549a90ae0f636d96b1edd4f9485a23651799d6631b1e8845981265ad90ed4f0d00fc0d15e781121d452b11e6ebab5e9115322ae22820612cff0e1d492ae25c

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
77711cb1f1c84c3f0f2cee30e8a455bb

SHA1
53c458c0cb43273c9b5bbd80db18c366744ae6fa

SHA256
b9f16cb547d62a802ed827b0554571df46b8bf1a27f6e0417ff5cdfac789e3d5

SHA512
702ce5f92e441bac6652270adb1c2c65ae125d184e803c28981cf7169591e9b6dd1785f21cdd943eb25f8f49a3aee8b09bc0662910d65a2dd2c8ad03bfda504c

Download Submit
\Windows\SysWOW64\ewiuer2.exe

Filesize
61KB

MD5
8b8c65a6a6d33281e13f716e20e26c79

SHA1
f56ba2802799ca4ec1a6d975d70e8268ec254e62

SHA256
8b05f80583b040ff052d208874cf22f051b9177b07bf6cb4c94e744209a3c7a3

SHA512
52b60daef93409095f14e4f34df8ba57d5c4f9fb6001d9eedba4e00589874f51a1f9fead2e70e0209ddf946de6862b0a7a29fd7780d989c5a30df8728cc2a321

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads