Analysis
max time kernel: 91s
max time network: 93s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 12:03
Static task: static1
Behavioral task: behavioral1
  Sample: a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe
Size: 79KB
MD5: a2bbfefeb1ab5e1aaf429a1a0c301270
SHA1: 6a6dd1ed9768dbfc96d592e96025884a6287c007
SHA256: 6d1fb5dc3fc87106c1ece84cd578d4e607eafa6e457a01cc8177afb2ae79ba74
SHA512: 62818093c03dfdf755cc4680d1a1d111441719f6d9ef3459d953982e1a0daadd1f24ad823bfedead0ce05f80ca27b09257200aba9fd6918ecbabc427de5706dc
SSDEEP: 1536:zvYONtUW2tbTs1OQA8AkqUhMb2nuy5wgIP0CSJ+5yYdB8GMGlZ5G:zvYODUTpfGdqU7uy5w9WMyYdN5G
Malware Config
Signatures

Executes dropped EXE (1 IoC)
pid | Process
860 | [email protected]

Suspicious use of WriteProcessMemory (6 IoCs)
description | pid | Process | procid_target
PID 4292 wrote to memory of 1244 | 4292 | a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe | 83
PID 4292 wrote to memory of 1244 | 4292 | a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe | 83
PID 4292 wrote to memory of 1244 | 4292 | a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe | 83
PID 1244 wrote to memory of 860 | 1244 | cmd.exe | 84
PID 1244 wrote to memory of 860 | 1244 | cmd.exe | 84
PID 1244 wrote to memory of 860 | 1244 | cmd.exe | 84
Processes
C:\Users\Admin\AppData\Local\Temp\a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe"
  Suspicious use of WriteProcessMemory
  PID: 4292
  C:\Windows\SysWOW64\cmd.exe
    PID: 1244
    C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 860
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize: 79KB
MD5: 029b06085fe272fd8746877d92d5cb38
SHA1: e5d8468f57837b09915c781a39eec1e86562c375
SHA256: 567fae947f8ad4970573dbb358e5a3715e55457af2fe3ce136cbcff2483b7e72
SHA512: 816487e72eb44a56054d64e40ec37c875f61a01d222e89d4ebb7e6dc624d1c4c4f8f0bc6b9ca80e75c5d9652b61fae98bc88592188f82a01d413575cb194ec13
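The two signatures and the Downloads entry above describe one chain: the sample (PID 4292) spawns cmd.exe (PID 1244), which spawns a second executable from the same Temp directory (PID 860), and that file has the same 79KB size as the sample but different digests. The script below is an added example, not sandbox output, that reconstructs this from the report's own rows: the WriteProcessMemory descriptions are parsed into parent/child edges, the process tree is walked to flag the "Executes dropped EXE" pattern, and the dropped file's digests are compared against the sample's. The event rows, image paths and digests are transcribed from the page (the dropped file's name appears on the page as "[email protected]" and is kept as shown, not guessed); the heuristic and every function name are this example's own assumptions.

```python
"""Reconstruct the process chain and the 'Executes dropped EXE' hit from the
report's own rows. Added example; inputs are transcribed from the page."""
import re

SAMPLE = "a2bbfefeb1ab5e1aaf429a1a0c301270_NeikiAnalytics.exe"
TEMP_DIR = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"

# Rows of the "Suspicious use of WriteProcessMemory" table, transcribed:
# (description, pid, Process, procid_target). The page lists each edge three
# times, so the parser must tolerate repeats.
WRITE_EVENTS = [
    ("PID 4292 wrote to memory of 1244", 4292, SAMPLE, 83),
    ("PID 4292 wrote to memory of 1244", 4292, SAMPLE, 83),
    ("PID 4292 wrote to memory of 1244", 4292, SAMPLE, 83),
    ("PID 1244 wrote to memory of 860", 1244, "cmd.exe", 84),
    ("PID 1244 wrote to memory of 860", 1244, "cmd.exe", 84),
    ("PID 1244 wrote to memory of 860", 1244, "cmd.exe", 84),
]

# Image paths from the "Processes" tree. The dropped file's name is obscured
# on the page and is kept exactly as shown there.
PROCESSES = {
    4292: TEMP_DIR + SAMPLE,
    1244: "C:\\Windows\\SysWOW64\\cmd.exe",
    860: TEMP_DIR + "[email protected]",
}

# Digests from the General and Downloads sections (transcribed, not computed).
SAMPLE_DIGESTS = {
    "size": "79KB",
    "md5": "a2bbfefeb1ab5e1aaf429a1a0c301270",
    "sha256": "6d1fb5dc3fc87106c1ece84cd578d4e607eafa6e457a01cc8177afb2ae79ba74",
}
DROPPED_DIGESTS = {
    "size": "79KB",
    "md5": "029b06085fe272fd8746877d92d5cb38",
    "sha256": "567fae947f8ad4970573dbb358e5a3715e55457af2fe3ce136cbcff2483b7e72",
}

DESC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parent_map(events):
    """Map target pid -> writer pid from the description column.
    Repeated rows collapse to one edge; a malformed row, a pid column that
    disagrees with the description, or two writers for one target raises."""
    parents = {}
    for desc, pid, _image, _procid_target in events:
        m = DESC_RE.fullmatch(desc)
        if m is None or int(m.group(1)) != pid:
            raise ValueError(f"malformed row: {desc!r}")
        writer, target = int(m.group(1)), int(m.group(2))
        if parents.setdefault(target, writer) != writer:
            raise ValueError(f"pid {target} has two parents")
    return parents


def ancestry(pid, parents):
    """Return [root, ..., pid] by following parent links upward."""
    path, seen = [pid], {pid}
    while path[-1] in parents:
        nxt = parents[path[-1]]
        if nxt in seen:
            raise ValueError("cycle in parent map")
        seen.add(nxt)
        path.append(nxt)
    path.reverse()
    return path


def in_temp(image):
    return image.lower().startswith(TEMP_DIR.lower())


def dropped_exe_executions(processes, parents):
    """Flag pids whose image runs from %TEMP% and whose ancestry contains
    another %TEMP% image; an intermediary such as cmd.exe may sit between.
    Returns {pid: [root, ..., pid]} for each hit."""
    hits = {}
    for pid, image in processes.items():
        if not in_temp(image):
            continue
        chain = ancestry(pid, parents)
        if any(in_temp(processes.get(p, "")) for p in chain[:-1]):
            hits[pid] = chain
    return hits


def relation(sample, dropped):
    """Classify the dropped file against the sample using the report digests:
    identical digests mean a self-copy; equal size with different digests means
    the bytes were changed (decoded, patched or a different embedded payload)
    and the two files are worth diffing; otherwise the size alone differs."""
    if sample["sha256"] == dropped["sha256"] and sample["md5"] == dropped["md5"]:
        return "self-copy"
    if sample["size"] == dropped["size"]:
        return "same-size-different-content"
    return "different-size"


if __name__ == "__main__":
    parents = parent_map(WRITE_EVENTS)
    for pid, chain in dropped_exe_executions(PROCESSES, parents).items():
        print(pid, " -> ".join(f"{p} ({PROCESSES[p]})" for p in chain))
    print(relation(SAMPLE_DIGESTS, DROPPED_DIGESTS))
```

For this report the chain resolves to 4292 -> 1244 -> 860 and the dropped file classifies as same-size-different-content, which is the cue to pull both files from the sandbox and diff them rather than assume the child is a plain copy of the parent.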