Analysis
max time kernel: 133s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-06-2024 13:21
Static task: static1
Behavioral task: behavioral1
  Sample: a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe
  Resource: win10v2004-20240508-en
General
Target: a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe
Size: 79KB
MD5: a4ca571b00a993e1ac9afcf706c992f0
SHA1: 516037c19deca4c659cb4d33df548e770c8ea748
SHA256: ebeb3e34d33da5624f70dfd802bc71ccc64dbc0602f0f8f9495a1cfa154fc0ef
SHA512: a4a86d78c4d68209b5645affeb6a0481b9cedc464d5b1ff8c70b07f11359f6a2c3b221f170bfde037f9e2fad2f560cb5bf788d085b5fc7df73485942e6b160cc
SSDEEP: 1536:zvJRAT+S0kaNVu9TOQA8AkqUhMb2nuy5wgIP0CSJ+5y/AB8GMGlZ5G:zvJR6Z0FNVuUGdqU7uy5w9WMyYN5G
Malware Config
Signatures
Executes dropped EXE (1 IoC)
pid   Process
2748  [email protected]

Suspicious use of WriteProcessMemory (6 IoCs)
description                        pid   Process                                              procid_target
PID 3808 wrote to memory of 4628   3808  a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe  91
PID 3808 wrote to memory of 4628   3808  a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe  91
PID 3808 wrote to memory of 4628   3808  a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe  91
PID 4628 wrote to memory of 2748   4628  cmd.exe                                              94
PID 4628 wrote to memory of 2748   4628  cmd.exe                                              94
PID 4628 wrote to memory of 2748   4628  cmd.exe                                              94
Processes
C:\Users\Admin\AppData\Local\Temp\a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a4ca571b00a993e1ac9afcf706c992f0_NeikiAnalytics.exe"
  PID: 3808
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\cmd.exe
      PID: 4628
        C:\Users\Admin\AppData\Local\Temp\[email protected]
          PID: 2748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4180,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:8
  PID: 4652
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize: 79KB
MD5: d6e7952bf291674b6ce13176de08ef7f
SHA1: 9d7d97f6690b9632e994ca611a891d82156e2d86
SHA256: 80e20107d0bbc3e63123d2b2df9115ffb28a465bb9de759329035dc935227f02
SHA512: af438d2e145ca46ba7a416dd1b98c86a9fb9efcde5814e76c05c37e2ac5aba488d21b510ee870bf616367d084b3594134644f420790b526f5c1edbfa5e496845