Analysis
max time kernel: 149s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 10:40
Static task: static1
Behavioral task: behavioral1
  Sample: a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe
  Resource: win10v2004-20240226-en
General
Target: a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe
Size: 79KB
MD5: a06ca9d121238a22d83eb117a09a2c60
SHA1: 29a48c2e68f91c63e2e5c3a36c778645b6d75a3f
SHA256: e0f739adffcba1137b5abd0a375609f9f4780d79be8460a0d532ce51cec9027a
SHA512: cfa6c5cab027b610831e4e35b34a0944e91ab5f3c8e8f741adbd8a377d18fafbb770156e16d123dbf68365f71adbbcf342ea54a2d623cbaa0758484f5a7dbe27
SSDEEP: 1536:zvqrRgojWFT+eDOQA8AkqUhMb2nuy5wgIP0CSJ+5yHB8GMGlZ5G:zvCRkFT3iGdqU7uy5w9WMyHN5G
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid   Process
  4688  [email protected]
Suspicious use of WriteProcessMemory (6 IoCs)
  description                        pid   Process                                               procid_target
  PID 224 wrote to memory of 4960    224   a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe   91
  PID 224 wrote to memory of 4960    224   a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe   91
  PID 224 wrote to memory of 4960    224   a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe   91
  PID 4960 wrote to memory of 4688   4960  cmd.exe                                               92
  PID 4960 wrote to memory of 4688   4960  cmd.exe                                               92
  PID 4960 wrote to memory of 4688   4960  cmd.exe                                               92
Processes
C:\Users\Admin\AppData\Local\Temp\a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a06ca9d121238a22d83eb117a09a2c60_NeikiAnalytics.exe"
  Signatures: Suspicious use of WriteProcessMemory
  PID: 224
    C:\Windows\SysWOW64\cmd.exe
    PID: 4960
      C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 4688
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3896 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
  PID: 3628
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 924762a83436c3655ef2feefb762063c
  SHA1: e3eca227b66c9d50dc0ff67c316c92fa66f07434
  SHA256: f2bab731e3fac56f1912243ec53d00850aa5025dd242a7e012fb4dee934bd522
  SHA512: 9d23eeeb71bca740841865b33673aa73a46b7dc6d78b149943fc66ef62296967e632f03d5fb82376f401bac7644d0c3f66e5d9c77c25b31bbf9fa752fdc46e10