Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
03/06/2024, 10:40
Static task
static1
Behavioral task
behavioral1
Sample
a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
General
-
Target
a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe
-
Size
79KB
-
MD5
a06ca9d121238a22d83eb117a09a2c60
-
SHA1
29a48c2e68f91c63e2e5c3a36c778645b6d75a3f
-
SHA256
e0f739adffcba1137b5abd0a375609f9f4780d79be8460a0d532ce51cec9027a
-
SHA512
cfa6c5cab027b610831e4e35b34a0944e91ab5f3c8e8f741adbd8a377d18fafbb770156e16d123dbf68365f71adbbcf342ea54a2d623cbaa0758484f5a7dbe27
-
SSDEEP
1536:zvqrRgojWFT+eDOQA8AkqUhMb2nuy5wgIP0CSJ+5yHB8GMGlZ5G:zvCRkFT3iGdqU7uy5w9WMyHN5G
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid | Process
2980 | [email protected]
-
Loads dropped DLL 2 IoCs
pid | Process
2096 | cmd.exe
2096 | cmd.exe
-
Suspicious use of WriteProcessMemory 8 IoCs
description | pid | Process | procid_target
PID 1684 wrote to memory of 2096 | 1684 | a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe | 29
PID 1684 wrote to memory of 2096 | 1684 | a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe | 29
PID 1684 wrote to memory of 2096 | 1684 | a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe | 29
PID 1684 wrote to memory of 2096 | 1684 | a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe | 29
PID 2096 wrote to memory of 2980 | 2096 | cmd.exe | 30
PID 2096 wrote to memory of 2980 | 2096 | cmd.exe | 30
PID 2096 wrote to memory of 2980 | 2096 | cmd.exe | 30
PID 2096 wrote to memory of 2980 | 2096 | cmd.exe | 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe"
- Suspicious use of WriteProcessMemory
PID:1684 -
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c [email protected]
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2096 -
C:\Users\Admin\AppData\Local\Temp\[email protected]
PID:2980
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize 79KB
MD5 924762a83436c3655ef2feefb762063c
SHA1 e3eca227b66c9d50dc0ff67c316c92fa66f07434
SHA256 f2bab731e3fac56f1912243ec53d00850aa5025dd242a7e012fb4dee934bd522
SHA512 9d23eeeb71bca740841865b33673aa73a46b7dc6d78b149943fc66ef62296967e632f03d5fb82376f401bac7644d0c3f66e5d9c77c25b31bbf9fa752fdc46e10