Analysis

max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 03-06-2024 12:03
Static task: static1

Behavioral task: behavioral1
Sample: a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General

Target: a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe
Size: 79KB
MD5: a2bbfefeb1ab5e1aaf429a1a0c301270
SHA1: 6a6dd1ed9768dbfc96d592e96025884a6287c007
SHA256: 6d1fb5dc3fc87106c1ece84cd578d4e607eafa6e457a01cc8177afb2ae79ba74
SHA512: 62818093c03dfdf755cc4680d1a1d111441719f6d9ef3459d953982e1a0daadd1f24ad823bfedead0ce05f80ca27b09257200aba9fd6918ecbabc427de5706dc
SSDEEP: 1536:zvYONtUW2tbTs1OQA8AkqUhMb2nuy5wgIP0CSJ+5yYdB8GMGlZ5G:zvYODUTpfGdqU7uy5w9WMyYdN5G
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  pid   Process
  548   [email protected]

Loads dropped DLL (2 IoCs)
  pid   Process
  1668  cmd.exe
  1668  cmd.exe

Suspicious use of WriteProcessMemory (8 IoCs)
  description                       pid   Process                                              procid_target
  PID 1800 wrote to memory of 1668  1800  a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe  29
  PID 1800 wrote to memory of 1668  1800  a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe  29
  PID 1800 wrote to memory of 1668  1800  a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe  29
  PID 1800 wrote to memory of 1668  1800  a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe  29
  PID 1668 wrote to memory of 548   1668  cmd.exe                                              30
  PID 1668 wrote to memory of 548   1668  cmd.exe                                              30
  PID 1668 wrote to memory of 548   1668  cmd.exe                                              30
  PID 1668 wrote to memory of 548   1668  cmd.exe                                              30
Processes

C:\Users\Admin\AppData\Local\Temp\a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe"
  PID: 1800
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\cmd.exe
      command line: C:\Windows\system32\cmd.exe /c [email protected]
      PID: 1668
      - Loads dropped DLL
      - Suspicious use of WriteProcessMemory
        C:\Users\Admin\AppData\Local\Temp\[email protected]
          PID: 548
Network
MITRE ATT&CK Matrix
Downloads

\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 029b06085fe272fd8746877d92d5cb38
  SHA1: e5d8468f57837b09915c781a39eec1e86562c375
  SHA256: 567fae947f8ad4970573dbb358e5a3715e55457af2fe3ce136cbcff2483b7e72
  SHA512: 816487e72eb44a56054d64e40ec37c875f61a01d222e89d4ebb7e6dc624d1c4c4f8f0bc6b9ca80e75c5d9652b61fae98bc88592188f82a01d413575cb194ec13