Analysis
max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted
03-06-2024 12:41
Static task
static1
Behavioral task
behavioral1
Sample
a3c96509b1f2b1328061cdb26103e9f0_NeikiAnalytics.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
a3c96509b1f2b1328061cdb26103e9f0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
a3c96509b1f2b1328061cdb26103e9f0_NeikiAnalytics.exe
-
Size
79KB
-
MD5
a3c96509b1f2b1328061cdb26103e9f0
-
SHA1
fb81f372acdda4cd57ad884de3201305a7473ab6
-
SHA256
3c6271f75b55cc221ca807e72520c27f9e93f1e39600d0cb332c7ffad4a57ade
-
SHA512
e0aa03d46cadd6c29b22dffa1658dfd1f18969d014a38b9fff55f587b08564658af703ad54ddf14f7b160d3766f8eccb0d27007e28dc19557a4d632ac4e2b00f
-
SSDEEP
1536:zvOPgcj3ayKB3OQA8AkqUhMb2nuy5wgIP0CSJ+5y+B8GMGlZ5G:zv+eys+GdqU7uy5w9WMy+N5G
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid | Process
1140 | [email protected]
Suspicious use of WriteProcessMemory 6 IoCs
description | pid | Process | procid_target
PID 1872 wrote to memory of 2432 | 1872 | a3c96509b1f2b1328061cdb26103e9f0_NeikiAnalytics.exe | 83
PID 1872 wrote to memory of 2432 | 1872 | a3c96509b1f2b1328061cdb26103e9f0_NeikiAnalytics.exe | 83
PID 1872 wrote to memory of 2432 | 1872 | a3c96509b1f2b1328061cdb26103e9f0_NeikiAnalytics.exe | 83
PID 2432 wrote to memory of 1140 | 2432 | cmd.exe | 84
PID 2432 wrote to memory of 1140 | 2432 | cmd.exe | 84
PID 2432 wrote to memory of 1140 | 2432 | cmd.exe | 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\a3c96509b1f2b1328061cdb26103e9f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a3c96509b1f2b1328061cdb26103e9f0_NeikiAnalytics.exe"
- Suspicious use of WriteProcessMemory
PID:1872
C:\Windows\SysWOW64\cmd.exe
PID:2432
C:\Users\Admin\AppData\Local\Temp\[email protected]
PID:1140
Network
MITRE ATT&CK Matrix
Downloads
-
C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize
79KB
MD5
8d506c21c699561ad6a540bd8db64ee7
SHA1
dc29e16ca9ab75bcf5532a1708f0c81bf2ffac5e
SHA256
52bce85809e22a48bd8eeeea0dfa07b7e30d4087a20bec8802a7ba6ec76e1540
SHA512
470c00e5c6868d9e632662ccb2d757be60a7e427c10804af437651ec3b56cfb2ac7262337517ed5bd4778214b161934a03c86845a1eef2ba2dc9202777502ebb