Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 03-06-2024 13:17
Static task: static1
Behavioral task: behavioral1
  Sample: a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe
  Resource: win10v2004-20240426-en
General
- Target: a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe
- Size: 79KB
- MD5: a4b9a42d67b6faa98bb0e5f2de7c80a0
- SHA1: b9294859b754b3b76e0db40b47b874ab81c1cfb8
- SHA256: 3b322c7b4fbc87d816c3ce0e7a89ee4ea3f1e648d2e7c4876d36d757d42b9622
- SHA512: 60859ee366348fe8f8429627c4d43d2cba523ef57eadb5c79381384d3ed783e629a131750df508b4b608b60d134d99e2a345f2f66015ba37e8591344f5bdb77c
- SSDEEP: 1536:zvXvQ623RLlw9AQrOQA8AkqUhMb2nuy5wgIP0CSJ+5yDB8GMGlZ5G:zv/q3RL69uGdqU7uy5w9WMyDN5G
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  1692  [email protected]
- Loads dropped DLL (2 IoCs)
  pid   Process
  1320  cmd.exe
  1320  cmd.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  description                         pid   Process                                              procid_target
  PID 2192 wrote to memory of 1320    2192  a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe  29
  PID 2192 wrote to memory of 1320    2192  a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe  29
  PID 2192 wrote to memory of 1320    2192  a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe  29
  PID 2192 wrote to memory of 1320    2192  a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe  29
  PID 1320 wrote to memory of 1692    1320  cmd.exe                                              30
  PID 1320 wrote to memory of 1692    1320  cmd.exe                                              30
  PID 1320 wrote to memory of 1692    1320  cmd.exe                                              30
  PID 1320 wrote to memory of 1692    1320  cmd.exe                                              30
Processes
- C:\Users\Admin\AppData\Local\Temp\a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe"
  Tree level: 1, PID: 2192
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c [email protected]
    Tree level: 2, PID: 1320
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    - C:\Users\Admin\AppData\Local\Temp\[email protected]
      PID: 1692
Network
MITRE ATT&CK Matrix
Downloads
- \Users\Admin\AppData\Local\Temp\[email protected]
  Filesize: 79KB
  MD5: c8a45fd3e865ffa9514e84573e8df44a
  SHA1: f0aa7729cba89c7c31649af8f0434fdc92573b73
  SHA256: 3b4d4a652d94f52ab281031e0abb2427c939c02488afd0edc90bb759217b5da2
  SHA512: b4a5a7d168b65611c218faac36704f11046517294162ecf63fb61068e746e594ce21c19094ee5db2f7db25d3537a1a5469c1d4ef92984f6ff2eaf43dd8a70a4e