Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 03-06-2024 13:21
Static task: static1
Behavioral task: behavioral1
- Sample: a4ca7e2085cbb6acc72f6e34d0594ae0_NeikiAnalytics.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: a4ca7e2085cbb6acc72f6e34d0594ae0_NeikiAnalytics.exe
- Resource: win10v2004-20240508-en
General
- Target: a4ca7e2085cbb6acc72f6e34d0594ae0_NeikiAnalytics.exe
- Size: 38KB
- MD5: a4ca7e2085cbb6acc72f6e34d0594ae0
- SHA1: 1d829bd89834eb83d9c89cac6015a81cf7e3a74c
- SHA256: 7379ffa293b52dcd75b25fb3199c715162c7f053a8a28d733c354d9a6658d485
- SHA512: 6cea5050d3e2d1909fbc64dc9a5a65fad8cdf570b3bd852e2eae72a4f54da5d9d47b7b040e2890db7d26e44f5fa496d9218c86d3a7a868797ee6158129ca845e
- SSDEEP: 768:NLhcSDgpxUueqk230wHmIOdic+AvALEJ0X/t6:NLhcRLleqk4rTOdbvAwJ
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid 1044, process codecupdate.exe
- Loads dropped DLL (1 IoCs)
  pid 2168, process a4ca7e2085cbb6acc72f6e34d0594ae0_NeikiAnalytics.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (7 IoCs)
  description: PID 2168 wrote to memory of 1044; pid 2168; process a4ca7e2085cbb6acc72f6e34d0594ae0_NeikiAnalytics.exe; procid_target 28
  (this row is repeated seven times in the report, once per IoC)
Processes
- C:\Users\Admin\AppData\Local\Temp\a4ca7e2085cbb6acc72f6e34d0594ae0_NeikiAnalytics.exe (PID 2168)
  command line: "C:\Users\Admin\AppData\Local\Temp\a4ca7e2085cbb6acc72f6e34d0594ae0_NeikiAnalytics.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\codecupdate.exe (PID 1044, child of PID 2168)
    command line: "C:\Users\Admin\AppData\Local\Temp\codecupdate.exe"
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 39KB
- MD5: 7d52898ee4d401c49a7d0e1c41e9b646
- SHA1: 701a2580be076fe3fe64195686f8c3fdd7c393e1
- SHA256: 6bb8a8cb396bbf980ba54d11c5678a02e3a84012fb178f4a4b6b444b74b9d60d
- SHA512: 960e027178b3244a1bc4c7df4720e22997c1af399480de889e9c651f6fe39751e83352a598658f2282c95a757653a1fdf6772d16f348f310cc0203fe7833f07b