Analysis
max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 13:17
Static task: static1
Behavioral task: behavioral1
Sample: a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe
Resource: win10v2004-20240426-en
General
Target: a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe
Size: 79KB
MD5: a4b9a42d67b6faa98bb0e5f2de7c80a0
SHA1: b9294859b754b3b76e0db40b47b874ab81c1cfb8
SHA256: 3b322c7b4fbc87d816c3ce0e7a89ee4ea3f1e648d2e7c4876d36d757d42b9622
SHA512: 60859ee366348fe8f8429627c4d43d2cba523ef57eadb5c79381384d3ed783e629a131750df508b4b608b60d134d99e2a345f2f66015ba37e8591344f5bdb77c
SSDEEP: 1536:zvXvQ623RLlw9AQrOQA8AkqUhMb2nuy5wgIP0CSJ+5yDB8GMGlZ5G:zv/q3RL69uGdqU7uy5w9WMyDN5G
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
pid   Process
3008  [email protected]
Suspicious use of WriteProcessMemory (6 IoCs)
description                       pid   Process                                              procid_target
PID 3076 wrote to memory of 4748  3076  a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe  82
PID 3076 wrote to memory of 4748  3076  a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe  82
PID 3076 wrote to memory of 4748  3076  a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe  82
PID 4748 wrote to memory of 3008  4748  cmd.exe                                              83
PID 4748 wrote to memory of 3008  4748  cmd.exe                                              83
PID 4748 wrote to memory of 3008  4748  cmd.exe                                              83
Processes
C:\Users\Admin\AppData\Local\Temp\a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\a4b9a42d67b6faa98bb0e5f2de7c80a0_NeikiAnalytics.exe"
- Suspicious use of WriteProcessMemory
PID:3076
C:\Windows\SysWOW64\cmd.exe
PID:4748
C:\Users\Admin\AppData\Local\Temp\[email protected]
PID:3008
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize: 79KB
MD5: c8a45fd3e865ffa9514e84573e8df44a
SHA1: f0aa7729cba89c7c31649af8f0434fdc92573b73
SHA256: 3b4d4a652d94f52ab281031e0abb2427c939c02488afd0edc90bb759217b5da2
SHA512: b4a5a7d168b65611c218faac36704f11046517294162ecf63fb61068e746e594ce21c19094ee5db2f7db25d3537a1a5469c1d4ef92984f6ff2eaf43dd8a70a4e