Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    03-06-2024 12:54

General

  • Target

    a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe

  • Size

    491KB

  • MD5

    a41f642e589e8d3d62b38d52845c9500

  • SHA1

    0703f280f9e784d747cae43ed70275885c257eb2

  • SHA256

    07d62da86e74ab2a12057d44c8ad4c9b47b71e6c46cb3ee083b4bfffa3af02eb

  • SHA512

    9b2b20c378a802a782539ecb809c7901efe335e1d2a79e443eb1fee0e3030428b939b174a50835fe70c82464400475e8033fe6d821d338b3a4f95d3e37e86a5e

  • SSDEEP

    12288:Ogik4HDwcLFHjNoY1PeHxMeBa4mQJb87VMbB1:rxsDwUvN2xMeBaQJb4MT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Users\Admin\AppData\Local\Temp\EXE256B.tmp
      "C:\Users\Admin\AppData\Local\Temp\EXE256B.tmp" "C:\Users\Admin\AppData\Local\Temp\OFM256C.tmp" "C:\Users\Admin\AppData\Local\Temp\a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Windows\splwow64.exe
        C:\Windows\splwow64.exe 12288
        3⤵
          PID:1200

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\OFM256C.tmp

      Filesize

      13KB

      MD5

      ac0e30537569dc21b9e30cd0064b3f2e

      SHA1

      e3ea0bfb05e5d24ab74e650061d00f2b8d881c5e

      SHA256

      cd7511873b9c1174312d5788038a263a3d1ef5a8f669b0685eef5c33448f7cc1

      SHA512

      057bc2856842c6f51b5602541e824d8806817d5c41db587e613399d28294c08976da111c6426a36d91ad18835518598fd23b31fed831a83ab8b82856279a15ac

    • \Users\Admin\AppData\Local\Temp\EXE256B.tmp

      Filesize

      992KB

      MD5

      df5f1fe467cbcbababdb4733252dec20

      SHA1

      59a80d8d09224d02812f6a451c8dd75729600547

      SHA256

      2fca7e90c3a37859fc76126681104159500a4a191a7d4ec434e4a8562b73326e

      SHA512

      ed17aad99f6abe6f8c6c8d839dea49693170eef6299179bdf647babc5b5273423e21500414ddff8d3be150988f7f6e36e82750b890bd8bb76879c7b2d69eb9ce