Overview

overview

7

Static

static

3

db92d2b503...cs.exe

windows7-x64

7

db92d2b503...cs.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-06-2024 16:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db92d2b50301e5a7c1d01a6151ffb190_NeikiAnalytics.exe

  • Size

    75KB

  • MD5

    db92d2b50301e5a7c1d01a6151ffb190

  • SHA1

    1cded579f5c351ccc6f958a6a47d2acc963df9f9

  • SHA256

    b0483d40a4a1b3090ea968302a0ca5cdf32d2edf35e736f4116f7ac06eae3cd1

  • SHA512

    4bd7650dfb99d9bd3fdb5a9f473490feef528c34e3f4dd7338cc5f1d1c14d2cba9f024912265533ad1eeba734287f4c894fa250a785bf7c56d692ac55788cf21

  • SSDEEP

    1536:0M7dHk0kFE2XtPIPtBovZck8OMvDgDcdOOKOBfL924xRz/srmRJ5:tJ7tBoKOuDg4dOOzhL924Ir8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db92d2b50301e5a7c1d01a6151ffb190_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\db92d2b50301e5a7c1d01a6151ffb190_NeikiAnalytics.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Users\Admin\AppData\Local\Temp\olacweegim.exe
      C:\Users\Admin\AppData\Local\Temp\olacweegim.exe
      2⤵
      • Executes dropped EXE
      PID:3228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\olacweegim.exe
    Filesize

    75KB

    MD5

    8667a647a70f41516566ae0980aef35a

    SHA1

    23dc6e7bfe97c2475b192d6f4c4a382d71fb3ef1

    SHA256

    603c145e30527aa63cafa3fb8ed5b30b361da10755a992ec4e2e1bf31dc36ec4

    SHA512

    47ae44fed538866830c39c004033ff9ecd1f263421785505ae1b0ff77415296975dbd959ed09c36236479b20d94fe37a22bfb4bbb2f6da7a5348b5b9d6b766e6

    Download Submit

  • memory/2652-0-0x0000000000401000-0x0000000000404000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3228-5-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download