Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 03-06-2024 12:56
Static task: static1
Behavioral task: behavioral1
- Sample: a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe
- Size: 79KB
- MD5: a42a6f6e95c60970d1e9a06846c58360
- SHA1: 63d0378f9f63c14562d362916005e393d153ad82
- SHA256: 631af64737e7a3f588fccafc7323f97bbc2c0d5d8d14bae3c76845b3a38f1398
- SHA512: a077a95d2c4c82d3faf37c738a4c934ec3981ac7643558c61973757eb6d7956373766370ea0d8c23d868321ffeb5ed678ce66f39ed817c93f751446557c80583
- SSDEEP: 1536:zvJhQ75mZBMZsOQA8AkqUhMb2nuy5wgIP0CSJ+5yCB8GMGlZ5G:zvcc4DGdqU7uy5w9WMyCN5G
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid  | Process
  2008 | [email protected]
- Loads dropped DLL (2 IoCs)
  pid  | Process
  1736 | cmd.exe
  1736 | cmd.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  description                      | pid  | Process                                             | procid_target
  PID 1276 wrote to memory of 1736 | 1276 | a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe | 29
  PID 1276 wrote to memory of 1736 | 1276 | a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe | 29
  PID 1276 wrote to memory of 1736 | 1276 | a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe | 29
  PID 1276 wrote to memory of 1736 | 1276 | a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe | 29
  PID 1736 wrote to memory of 2008 | 1736 | cmd.exe                                             | 30
  PID 1736 wrote to memory of 2008 | 1736 | cmd.exe                                             | 30
  PID 1736 wrote to memory of 2008 | 1736 | cmd.exe                                             | 30
  PID 1736 wrote to memory of 2008 | 1736 | cmd.exe                                             | 30
Processes
- C:\Users\Admin\AppData\Local\Temp\a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe"
  PID: 1276
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c [email protected]
    PID: 1736
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    - C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 2008
Network
MITRE ATT&CK Matrix
Downloads
- \Users\Admin\AppData\Local\Temp\[email protected]
  - Filesize: 79KB
  - MD5: 9e8388277bdc5d8a1409fd9461a9b95b
  - SHA1: 592ee68087745780306c43c4345f95a13c15ef5d
  - SHA256: 2247aaccc999fd173cd0b3be04c3604f5ebd6aea10bff72f60b9b2aeddc1d1e3
  - SHA512: 1c96025f0ee11fd6ed5f1e138e0854c4ada606b902a78f43ebc0d77603b8a3628f877925c8a6762bc8382f2f5bd8760b0e6ca24e1c30c82a2028da72c154b8f4