Analysis
max time kernel: 94s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 13:15
Static task: static1
Behavioral task: behavioral1
Sample: a4a11c39b15ff6046e82a526a84abaf0_NeikiAnalytics.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: a4a11c39b15ff6046e82a526a84abaf0_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
General
Target: a4a11c39b15ff6046e82a526a84abaf0_NeikiAnalytics.exe
Size: 78KB
MD5: a4a11c39b15ff6046e82a526a84abaf0
SHA1: 7c8a6f82b97695b3dc5c30dbf6eb199f8fe6c00a
SHA256: 8fc5e121bd5c2becc9a129c63d19bb541a261d45f6f0327287686bfdf48caa55
SHA512: e83f29b93c58f1bae7197eb4cdb8a71f970a58096377d35adee56feed6dd1b1a776cb482d97828a1464c2a608466d99bdd4dd6b164b80abc90637c26acb4292a
SSDEEP: 768:UkCru/f9Iw/E6zy4n8uZ5tUXMJ+fROUmELY2glEbM3j+rd+fpjiTWNReOOG50b3h:Us1Tzy48untU8fOMEI3jyYf5iuOsuh
Malware Config
Signatures
Suspicious use of WriteProcessMemory (9 IoCs)
description | pid | Process | procid_target
PID 3460 wrote to memory of 3744 | 3460 | a4a11c39b15ff6046e82a526a84abaf0_NeikiAnalytics.exe | 82
PID 3460 wrote to memory of 3744 | 3460 | a4a11c39b15ff6046e82a526a84abaf0_NeikiAnalytics.exe | 82
PID 3460 wrote to memory of 3744 | 3460 | a4a11c39b15ff6046e82a526a84abaf0_NeikiAnalytics.exe | 82
PID 3744 wrote to memory of 4956 | 3744 | cmd.exe | 83
PID 3744 wrote to memory of 4956 | 3744 | cmd.exe | 83
PID 3744 wrote to memory of 4956 | 3744 | cmd.exe | 83
PID 4956 wrote to memory of 3592 | 4956 | iexpress.exe | 84
PID 4956 wrote to memory of 3592 | 4956 | iexpress.exe | 84
PID 4956 wrote to memory of 3592 | 4956 | iexpress.exe | 84
Processes
1. Image: C:\Users\Admin\AppData\Local\Temp\a4a11c39b15ff6046e82a526a84abaf0_NeikiAnalytics.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\a4a11c39b15ff6046e82a526a84abaf0_NeikiAnalytics.exe"
   PID: 3460
   - Suspicious use of WriteProcessMemory
   2. Image: C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3326.tmp\1.bat" "C:\Users\Admin\AppData\Local\Temp\a4a11c39b15ff6046e82a526a84abaf0_NeikiAnalytics.exe""
      PID: 3744
      - Suspicious use of WriteProcessMemory
      3. Image: C:\Windows\SysWOW64\iexpress.exe
         Command line: iexpress /n /q /m C:\Users\Admin\AppData\Local\Temp\popup.sed
         PID: 4956
         - Suspicious use of WriteProcessMemory
         4. Image: C:\Windows\SysWOW64\makecab.exe
            Command line: C:\Windows\SysWOW64\makecab.exe /f "~%TargetName%.DDF"
            PID: 3592
Network
MITRE ATT&CK Matrix
Downloads