Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 12:56
Static task: static1
Behavioral task: behavioral1
  Sample: a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe
Size: 79KB
MD5: a42a6f6e95c60970d1e9a06846c58360
SHA1: 63d0378f9f63c14562d362916005e393d153ad82
SHA256: 631af64737e7a3f588fccafc7323f97bbc2c0d5d8d14bae3c76845b3a38f1398
SHA512: a077a95d2c4c82d3faf37c738a4c934ec3981ac7643558c61973757eb6d7956373766370ea0d8c23d868321ffeb5ed678ce66f39ed817c93f751446557c80583
SSDEEP: 1536:zvJhQ75mZBMZsOQA8AkqUhMb2nuy5wgIP0CSJ+5yCB8GMGlZ5G:zvcc4DGdqU7uy5w9WMyCN5G
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid | Process
  4600 | [email protected]
- Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | Process | procid_target
  PID 900 wrote to memory of 5044 | 900 | a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe | 84
  PID 900 wrote to memory of 5044 | 900 | a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe | 84
  PID 900 wrote to memory of 5044 | 900 | a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe | 84
  PID 5044 wrote to memory of 4600 | 5044 | cmd.exe | 85
  PID 5044 wrote to memory of 4600 | 5044 | cmd.exe | 85
  PID 5044 wrote to memory of 4600 | 5044 | cmd.exe | 85
Processes
- C:\Users\Admin\AppData\Local\Temp\a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe (PID: 900)
  Command line: "C:\Users\Admin\AppData\Local\Temp\a42a6f6e95c60970d1e9a06846c58360_NeikiAnalytics.exe"
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (PID: 5044)
    - C:\Users\Admin\AppData\Local\Temp\[email protected] (PID: 4600)
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: 9e8388277bdc5d8a1409fd9461a9b95b
  SHA1: 592ee68087745780306c43c4345f95a13c15ef5d
  SHA256: 2247aaccc999fd173cd0b3be04c3604f5ebd6aea10bff72f60b9b2aeddc1d1e3
  SHA512: 1c96025f0ee11fd6ed5f1e138e0854c4ada606b902a78f43ebc0d77603b8a3628f877925c8a6762bc8382f2f5bd8760b0e6ca24e1c30c82a2028da72c154b8f4