Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 03-06-2024 12:54
Static task: static1
Behavioral task: behavioral1
  Sample: a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe
Size: 491KB
MD5: a41f642e589e8d3d62b38d52845c9500
SHA1: 0703f280f9e784d747cae43ed70275885c257eb2
SHA256: 07d62da86e74ab2a12057d44c8ad4c9b47b71e6c46cb3ee083b4bfffa3af02eb
SHA512: 9b2b20c378a802a782539ecb809c7901efe335e1d2a79e443eb1fee0e3030428b939b174a50835fe70c82464400475e8033fe6d821d338b3a4f95d3e37e86a5e
SSDEEP: 12288:Ogik4HDwcLFHjNoY1PeHxMeBa4mQJb87VMbB1:rxsDwUvN2xMeBaQJb4MT
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid   Process
  2536  EXE256B.tmp
Loads dropped DLL (2 IoCs)
  pid   Process
  2980  a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe
  2980  a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe
Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   Process
  2536  EXE256B.tmp
  2536  EXE256B.tmp
Suspicious use of WriteProcessMemory (8 IoCs)
  description                        pid   Process                                              procid_target
  PID 2980 wrote to memory of 2536   2980  a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe  28
  PID 2980 wrote to memory of 2536   2980  a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe  28
  PID 2980 wrote to memory of 2536   2980  a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe  28
  PID 2980 wrote to memory of 2536   2980  a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe  28
  PID 2536 wrote to memory of 1200   2536  EXE256B.tmp                                          29
  PID 2536 wrote to memory of 1200   2536  EXE256B.tmp                                          29
  PID 2536 wrote to memory of 1200   2536  EXE256B.tmp                                          29
  PID 2536 wrote to memory of 1200   2536  EXE256B.tmp                                          29
Processes
1. C:\Users\Admin\AppData\Local\Temp\a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe"
   PID: 2980
   Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\EXE256B.tmp
      Command line: "C:\Users\Admin\AppData\Local\Temp\EXE256B.tmp" "C:\Users\Admin\AppData\Local\Temp\OFM256C.tmp" "C:\Users\Admin\AppData\Local\Temp\a41f642e589e8d3d62b38d52845c9500_NeikiAnalytics.exe"
      PID: 2536
      Signatures: Executes dropped EXE; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
      3. C:\Windows\splwow64.exe
         Command line: C:\Windows\splwow64.exe 12288
         PID: 1200
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 13KB
  MD5: ac0e30537569dc21b9e30cd0064b3f2e
  SHA1: e3ea0bfb05e5d24ab74e650061d00f2b8d881c5e
  SHA256: cd7511873b9c1174312d5788038a263a3d1ef5a8f669b0685eef5c33448f7cc1
  SHA512: 057bc2856842c6f51b5602541e824d8806817d5c41db587e613399d28294c08976da111c6426a36d91ad18835518598fd23b31fed831a83ab8b82856279a15ac
Filesize: 992KB
  MD5: df5f1fe467cbcbababdb4733252dec20
  SHA1: 59a80d8d09224d02812f6a451c8dd75729600547
  SHA256: 2fca7e90c3a37859fc76126681104159500a4a191a7d4ec434e4a8562b73326e
  SHA512: ed17aad99f6abe6f8c6c8d839dea49693170eef6299179bdf647babc5b5273423e21500414ddff8d3be150988f7f6e36e82750b890bd8bb76879c7b2d69eb9ce