Analysis
- max time kernel: 122s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20240419-en
- resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
- submitted: 03-06-2024 12:56
Static task: static1
Behavioral task: behavioral1
- Sample: a42ad9fedb0c3686e4a49589ebe09ae0_NeikiAnalytics.exe
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: a42ad9fedb0c3686e4a49589ebe09ae0_NeikiAnalytics.exe
- Resource: win10v2004-20240426-en
General
- Target: a42ad9fedb0c3686e4a49589ebe09ae0_NeikiAnalytics.exe
- Size: 79KB
- MD5: a42ad9fedb0c3686e4a49589ebe09ae0
- SHA1: 56cdce6c1dba54675196c40b8d3e019612f5708e
- SHA256: 65b3c16f6555b3af1d17fdf44e66678143bda16512b89e64bb6454f8b107f7ec
- SHA512: 02252d0e98b54bb6bfadcd58c8468aead9f8f877129298b8ae20eb71817b96b01347bb98234fb9202e6c0121c33aa61a955bb2d19c21fde724ef88f9edc85e2e
- SSDEEP: 1536:zv61XZa5TE6RTSunOQA8AkqUhMb2nuy5wgIP0CSJ+5yWB8GMGlZ5G:zv6Ta5A6RAGdqU7uy5w9WMyWN5G
Malware Config
Signatures
- Executes dropped EXE 1 IoCs
  pid | Process
  1328 | [email protected]
- Loads dropped DLL 2 IoCs
  pid | Process
  2252 | cmd.exe
  2252 | cmd.exe
- Suspicious use of WriteProcessMemory 8 IoCs
  description | pid | Process | procid_target
  PID 1340 wrote to memory of 2252 | 1340 | a42ad9fedb0c3686e4a49589ebe09ae0_NeikiAnalytics.exe | 29
  PID 1340 wrote to memory of 2252 | 1340 | a42ad9fedb0c3686e4a49589ebe09ae0_NeikiAnalytics.exe | 29
  PID 1340 wrote to memory of 2252 | 1340 | a42ad9fedb0c3686e4a49589ebe09ae0_NeikiAnalytics.exe | 29
  PID 1340 wrote to memory of 2252 | 1340 | a42ad9fedb0c3686e4a49589ebe09ae0_NeikiAnalytics.exe | 29
  PID 2252 wrote to memory of 1328 | 2252 | cmd.exe | 30
  PID 2252 wrote to memory of 1328 | 2252 | cmd.exe | 30
  PID 2252 wrote to memory of 1328 | 2252 | cmd.exe | 30
  PID 2252 wrote to memory of 1328 | 2252 | cmd.exe | 30
Processes
C:\Users\Admin\AppData\Local\Temp\a42ad9fedb0c3686e4a49589ebe09ae0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a42ad9fedb0c3686e4a49589ebe09ae0_NeikiAnalytics.exe"
- Suspicious use of WriteProcessMemory
PID:1340
  C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c [email protected]
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2252
    C:\Users\Admin\AppData\Local\Temp\[email protected]
    PID:1328
Network
MITRE ATT&CK Matrix
Downloads
\Users\Admin\AppData\Local\Temp\[email protected]
- Filesize: 79KB
- MD5: 17f6ad5fab264d6228f89e1c24b79d9a
- SHA1: 0304c10f999dbd6958d5c59b7500ddbacb2f51f8
- SHA256: e35d9140ff1092cbd5baa2abd24aa4f161dc025858daccc9de944112e6d345a6
- SHA512: 7db0af9ec02520594f9cd785178c95bbe65fe3ce2bf011ea4b48aa4cf4ecb7315c24819cd73b382f652e2fba3d41fbaf312bf5912d88282cfa9d45498841a888