Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 11:59
Static task
static1
Behavioral task
behavioral1
Sample
a2a872af28f83af57c0dab9fb6eef940_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a2a872af28f83af57c0dab9fb6eef940_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
a2a872af28f83af57c0dab9fb6eef940_NeikiAnalytics.exe
-
Size
79KB
-
MD5
a2a872af28f83af57c0dab9fb6eef940
-
SHA1
190802f4af9c763addfa61a013e46900cb874a38
-
SHA256
6e1a554767713b77b0415fda986a2dac3aae62a5662f39c00523705f2db370b9
-
SHA512
1cad0c322ec4cfd3e141af3f84bf7a1deca85ab31dbcad3df873e90201b04ca87a77d438477a32924192f8c7e4a0f494e471ca2371ea33a251f9b01435802355
-
SSDEEP
1536:zv66mWLYKn8V5JOQA8AkqUhMb2nuy5wgIP0CSJ+5yjB8GMGlZ5G:zv6PsoIGdqU7uy5w9WMyjN5G
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process
2452 [email protected]
-
Loads dropped DLL 2 IoCs
pid Process
1952 cmd.exe
1952 cmd.exe
-
Suspicious use of WriteProcessMemory 8 IoCs
description pid Process procid_target
PID 3068 wrote to memory of 1952 3068 a2a872af28f83af57c0dab9fb6eef940_NeikiAnalytics.exe 29
PID 3068 wrote to memory of 1952 3068 a2a872af28f83af57c0dab9fb6eef940_NeikiAnalytics.exe 29
PID 3068 wrote to memory of 1952 3068 a2a872af28f83af57c0dab9fb6eef940_NeikiAnalytics.exe 29
PID 3068 wrote to memory of 1952 3068 a2a872af28f83af57c0dab9fb6eef940_NeikiAnalytics.exe 29
PID 1952 wrote to memory of 2452 1952 cmd.exe 30
PID 1952 wrote to memory of 2452 1952 cmd.exe 30
PID 1952 wrote to memory of 2452 1952 cmd.exe 30
PID 1952 wrote to memory of 2452 1952 cmd.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\a2a872af28f83af57c0dab9fb6eef940_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\a2a872af28f83af57c0dab9fb6eef940_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:3068 -
C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c [email protected] 2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1952 -
C:\Users\Admin\AppData\Local\Temp\[email protected]
PID:2452
-
-
Network
MITRE ATT&CK Matrix
Downloads
-
\Users\Admin\AppData\Local\Temp\[email protected]
Filesize 79KB
MD5 d6fd839cd872ec5e24e79728f0a37e97
SHA1 02af506462118ae2ead98f70bb68e6d88f079166
SHA256 2700a8134f8c1581275565ea72cd6604b690e6511c325a21bb4ac4a3ff2d7542
SHA512 68c70531610f30ad25854c7d8e9d8b4ada35b5678b7e8f43e0f9bc2d2e4d6a16f3dd2a9ef941c923148cb29579f851bcd1a585f854f7f588b9096fde49b0573f